[CentOS] iptables rule (MAC filtering)

Jordi Espasa Clofent

sistemes.llistes at intergrid.cat
Mon Jun 25 16:20:04 UTC 2007


Hi all,

I've a CentOS box which has two NICs; this box is also a router for the LAN 
subnet:

 ------------------------------------
| eth0 (external) 172.0.0.1    |
| eth1 (internal) 192.168.1.1 |
 ------------------------------------
           |
    LAN clients (192.168.1.2+)

I want to allow http access only for two LAN boxes; and only http access, 
which means that other protocols such as smtp, pop3, imap and so on will be 
permitted. The rest of the LAN boxes will be redirected to a local http 
service (192.168.1.1:80).

I think the best way is creating iptables rules based on MAC address. 
So, the rules I've made are:

iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -m mac --mac-source ! xx:xx:xx:xx:xx:xx --dport 80 -j DNAT --to-destination 192.168.1.1:80

iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -m mac --mac-source ! xx:xx:xx:xx:xx:xx --dport 80 -j DNAT --to-destination 192.168.1.1:80

Please, note the exclamation symbol, which means a logical negation.

But it seems it doesn't work correctly: all the LAN clients can surf the web.

¿?¿?¿      
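An added example (not from the original post) of how the same policy is usually expressed without relying on two independent negated matches: a dedicated nat chain that RETURNs for each permitted MAC and DNATs everything else. With two separate `! --mac-source` rules, a host excluded by the first rule still matches the second, so the negations cannot express "neither A nor B" on their own; a whitelist chain avoids that. The MAC addresses, the chain name HTTP_ACL and the `IPT=echo` dry-run convention are assumptions for illustration; the interface names and addresses follow the post.

```shell
#!/bin/sh
# Added example: MAC-based HTTP whitelist using a dedicated nat chain.
# Set IPT=echo to print the rules instead of applying them (dry run).
IPT="${IPT:-iptables}"
LAN_IF="eth1"
LAN_NET="192.168.1.0/24"
PORTAL="192.168.1.1:80"
# Hypothetical MACs (constructed); replace with the two permitted clients.
ALLOWED_MACS="00:11:22:33:44:55 66:77:88:99:aa:bb"

setup_http_acl() {
  # Create the chain if needed, then start from an empty one.
  $IPT -t nat -N HTTP_ACL 2>/dev/null || true
  $IPT -t nat -F HTTP_ACL
  # One RETURN per permitted MAC: returning to PREROUTING means no DNAT,
  # so the client's HTTP traffic is routed out normally.
  for mac in $ALLOWED_MACS; do
    $IPT -t nat -A HTTP_ACL -m mac --mac-source "$mac" -j RETURN
  done
  # Everyone else on the LAN: redirect port 80 to the local web service.
  # -p tcp is repeated here because DNAT with a port needs it on the rule.
  $IPT -t nat -A HTTP_ACL -p tcp -j DNAT --to-destination "$PORTAL"
  # Hook only LAN-side HTTP into the chain. The mac match only sees the
  # client's own MAC when the client is on the directly connected segment.
  $IPT -t nat -A PREROUTING -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 80 -j HTTP_ACL
}

# Run as "sh script.sh apply" to install the rules; without "apply" the
# function is only defined (so the file can be sourced or dry-run).
case "${1:-}" in
  apply) setup_http_acl ;;
esac
```

Run `IPT=echo sh script.sh apply` first to review the exact commands, then without `IPT=echo` as root. Re-running appends a second jump to PREROUTING, so flush the nat table or delete the old jump before reapplying; the allowed hosts' other protocols are untouched because only tcp/80 enters the chain.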



More information about the CentOS mailing list