Try in a terminal "tcpdump -n -i eth0" and in another terminal "tcpdump -n -i eth1" and look if a packet coming in on the internal interface is forwarded to the external interface. If that occurs, then look for whether the packet comes back. Like you said, your policy is DROP, so you must permit all packets that come back, unless you are using the stateful feature of iptables.

Enrique Morfin wrote:
Hi!
I want to make an ACL with MAC, but I got some troubles:
if I use:
iptables -I FORWARD -s 192.168.1.1 -m mac --mac-source 00:AA:BB:CC:DD:EE -j LOG
it logs all the 192.168.1.1 packets, but if I change to:
iptables -I FORWARD -s 192.168.1.1 -m mac --mac-source 00:AA:BB:CC:DD:EE -j ACCEPT
Just change from LOG to ACCEPT, and no packet is forwarded. (policy is DROP).
Any idea?
Thanks
and don't forget echo 1 > /proc/sys/net/ipv4/ip_forward
regards
--
=======================================
João Victor Almeida Di Stasi
Divisão de Suporte de Redes
Núcleo de Computação Eletrônica
Universidade Federal do Rio de Janeiro
Tel.: 2598-3124
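
Added example, not part of either message: a shell function that prints a FORWARD ruleset combining the MAC/IP rule from the question with the stateful return rule and the ip_forward setting mentioned in the reply. The function name, the role of eth0 as internal and eth1 as external, and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example: print (not apply) a FORWARD ruleset for a MAC+IP ACL.
# The reply direction never carries the client's MAC as source, so the
# mac match alone cannot let it back in under a DROP policy.

valid_mac() { printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; }
valid_ip()  { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
valid_if()  { printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9_.-]{1,15}$'; }

# forward_acl IP MAC IN_IF OUT_IF -> prints shell commands on stdout
forward_acl() {
    ip=$1 mac=$2 in_if=$3 out_if=$4
    # Reject anything odd before it ends up in a command line run as root.
    valid_ip "$ip"   || { echo "bad IP: $ip" >&2; return 1; }
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    valid_if "$in_if" && valid_if "$out_if" || { echo "bad interface" >&2; return 1; }
    cat <<EOF
# Routing must be enabled or nothing reaches FORWARD at all.
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -P FORWARD DROP
# Replies: matched by connection state, since their source MAC is the
# upstream router, not the client.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# New connections: only the expected IP/MAC pair, only from the inside.
iptables -A FORWARD -i $in_if -o $out_if -s $ip -m mac --mac-source $mac -m conntrack --ctstate NEW -j ACCEPT
# Log what is about to fall through to the DROP policy, rate limited.
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
EOF
}

# Review the output first, then apply as root with:
#   forward_acl 192.168.1.1 00:AA:BB:CC:DD:EE eth0 eth1 | sh
```

The mac match only sees the source address of the directly attached sender, and that address can be changed by the client, so treat this as an inventory check on the local segment rather than authentication.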

