[CentOS] iptables rule (MAC filtering)
Jordi Espasa Clofent
sistemes.llistes at intergrid.cat
Mon Jun 25 16:20:04 UTC 2007
- Previous message: [CentOS] Nautilus displays open document files of OpenOffice.org2 as ZIP files
- Next message: [CentOS] iptables rule (MAC filtering)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi all,

I've a CentOS box which has two NICs; this box is also a router for the LAN subnet:

  ------------------------------------
  | eth0 (external) 172.0.0.1        |
  | eth1 (internal) 192.168.1.1      |
  ------------------------------------
                   |
         LAN clients (192.168.1.2+)

I want to allow http access only for two LAN boxes; and only http access, which means that other protocols such as smtp, pop3, imap and so on will be permitted. The rest of the LAN boxes will be redirected to a local http service (192.168.1.1:80).

I think the best way is creating iptables rules based on MAC address. So, the rules I've made are:

  iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -m mac --mac-source ! xx:xx:xx:xx:xx:xx --dport 80 -j DNAT --to-destination 192.168.1.1:80
  iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 -m mac --mac-source ! xx:xx:xx:xx:xx:xx --dport 80 -j DNAT --to-destination 192.168.1.1:80

Please note the exclamation symbol, which means a logical negation. But it seems it doesn't work correctly: all the LAN clients can surf the web. ¿?¿?¿
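The post above asks how to express "redirect port 80 for every LAN host except two" with MAC matching. One negated rule per permitted host cannot express "neither A nor B", because a packet from host A still satisfies the rule that negates host B. The usual way to build such a whitelist is to RETURN the permitted MACs first and let a single catch-all DNAT handle everyone else. The script below is an added example and is not the poster's code or part of the thread; it assumes the topology from the post (eth1 is the LAN side, the local web service listens on 192.168.1.1:80), and the two MAC addresses in ALLOWED_MACS are constructed placeholders to be replaced. It generates the nat table in iptables-restore format so the rules can be inspected before they are loaded.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the post's topology:
# eth1 is the internal LAN interface and 192.168.1.1:80 is the local web service.
LAN_IF="eth1"
LOCAL_HTTP="192.168.1.1:80"
# Constructed placeholder MACs of the two hosts allowed to reach the web directly.
ALLOWED_MACS="00:11:22:33:44:55 66:77:88:99:aa:bb"

# Validate one MAC address (six colon-separated hex pairs); exit status 0 if valid.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# Emit the nat table in iptables-restore format.
# Order matters: HTTP from the LAN side is sent to a dedicated chain, the
# permitted MACs RETURN from it untouched, and only the traffic that reaches
# the last rule is DNATed to the local web service.
build_nat_rules() {
    printf '%s\n' '*nat'
    printf '%s\n' ':HTTP_GATE - [0:0]'
    printf '%s\n' "-A PREROUTING -i $LAN_IF -p tcp --dport 80 -j HTTP_GATE"
    for mac in $ALLOWED_MACS; do
        if ! valid_mac "$mac"; then
            echo "invalid MAC address: $mac" >&2
            return 1
        fi
        # -m mac only matches on the incoming path (PREROUTING is fine) and
        # only sees the MAC of the last hop, i.e. hosts on the eth1 segment.
        printf '%s\n' "-A HTTP_GATE -m mac --mac-source $mac -j RETURN"
    done
    printf '%s\n' "-A HTTP_GATE -j DNAT --to-destination $LOCAL_HTTP"
    printf '%s\n' 'COMMIT'
}

# Number of whitelist entries in the generated ruleset (one RETURN per MAC).
count_return_rules() {
    build_nat_rules | grep -c -- '-j RETURN'
}

# The rule that every non-whitelisted client ends up at; used as a sanity check.
last_rule() {
    build_nat_rules | grep -- '^-A' | tail -n 1
}

# "apply" loads the table without flushing the existing rules (-n); any other
# invocation only prints the generated ruleset for review.
if [ "${1:-}" = "apply" ]; then
    build_nat_rules | iptables-restore -n
else
    build_nat_rules
fi
```

Two points worth keeping in mind when relying on this: the MAC match works only for hosts directly attached to the eth1 segment (anything behind a further router arrives with that router's MAC), and a client can change its MAC address at will, so this is an administrative convenience for steering browsers, not an access-control boundary for anything sensitive.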