Iptables based on mac address
Wed, 24 Oct 2001 09:41:47 +0530 (IST)
> Message: 1
> From: "shadha" <firstname.lastname@example.org>
> To: <email@example.com>
> Subject: iptables based on mac address
> Date: Mon, 22 Oct 2001 19:27:21 +0530
> Hello all,
> Its very urgent.My requirement is,I want to redirect a denied user to
> some server(ex,172.16.1.111:1025 at which apache server runs)and the
> allowed(accepted user) to the origin server based on "mac" address.
> So I've setup the following 1st two rules .
> To allow particular user (00:00:00:00:00:01) I've setup the 1st rule.
> 2nd rule is for redirecting all other users (except allowed user) to
> server(where apache runs).
> But what happened is it redirects all users to the apache server(including
> allowed user 00:00:00:00:00:01,who want to access the origin server) .
> 1. /sbin/iptables -A FORWARD -p tcp --dport 80 -m mac --mac-source
> 00:00:00:00:00:01 -j ACCEPT
> 2. /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to
> Plz Specify where I've done a mistake.
> 3rd rule is for Redirect .
> 3. /sbin/iptables -A FORWARD -p tcp --dport 80 -j REDIRECT --to
> when executing this,error came like
> [root@iptab kak]# sh test
> iptables: Invalid argument
> For 3rd rule ,how to overcome above specified error.
> I request you all to reply as soon as possible.
> Thanks in advance,
> days with the new configuration iam facing this.....
> can anyone tell me what & why its hapenning...
> thanx in adv. & pls do excuse 4 my english...
I thinl you have to go thrugh how the netfilter works.The packets
whatever is coming in, it will look for the first rule if it is matched
then it goes for the next rule. So seeing from the last rule if it is
matched then it does according to the last rule set.
So if you replace the first rule set to the 3rd the thigs should
work fine. I think you got the point what you have to do.
nSecure Software(P) Ltd.