Hi there.
While playing with iptables, building rules on the fly and reverting them,
I found that it takes a while for the new rule to take effect.
I am on kernel 2.4.18-17.7.x on RH7.3
iptables-1.2.5-3
I am DNATing all my PCs to my gateway IP; that way, a computer that
tries to connect to the internet bounces to the services of my
gateway.
For example:
if a client tries to access www.tldp.org, it is redirected to
the Apache server at my gateway instead.
To do this I run the rule:
iptables -t nat -A PREROUTING -j DNAT --to-destination 10.0.10.2
If afterwards I want to enable one PC, no matter its IP (it can change), to
access the net, I run
iptables -t nat -I PREROUTING -m mac --mac-source 00:20:18:2D:6B:20 -j DNAT --to-destination 0.0.0.0-255.255.255.255
If after a while I decide to stop the service for that client, I run
iptables -t nat -D PREROUTING -m mac --mac-source 00:20:18:2D:6B:20 -j DNAT --to-destination 0.0.0.0-255.255.255.255
!!! Here is the problem: the client still continues browsing the net.
If I change the IP at the client, it works.
But I do not trust the client; I want to force the change at the server.
Is there a session time or something like that?
With ICMP it works perfectly on the INPUT and OUTPUT chains, but somehow it
is not the same at PREROUTING.
--
QOTD:
"I tried buying a goat instead of a lawn tractor; had to return
it though. Couldn't figure out a way to connect the snow blower."
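Added example, not part of the original post or a reply to it: netfilter makes the NAT decision once, on the first packet of a connection, and stores the chosen mapping in the connection-tracking entry; later packets of that connection never consult the nat table again, so deleting the PREROUTING rule only affects new connections, while established ones keep their old mapping until the conntrack entry times out. The script below parses the connection-tracking table and shows, per client, which entries are still being DNATed and how long they have left. The table lines are constructed for illustration; on a 2.4 kernel the live table is assumed to be at /proc/net/ip_conntrack, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Parses ip_conntrack entries to
# explain why a deleted DNAT rule does not cut off already-tracked sessions.

# Constructed sample in the 2.4 ip_conntrack layout: protocol, protocol number,
# remaining lifetime in seconds, then the original tuple (as the client sent
# it) followed by the reply tuple (as the gateway answers). Client 10.0.10.5
# was caught by the catch-all DNAT to the gateway 10.0.10.2; client 10.0.10.7
# (the exempted MAC) reached the real server 203.0.113.10 directly.
SAMPLE_TABLE='tcp      6 431999 ESTABLISHED src=10.0.10.5 dst=203.0.113.10 sport=33000 dport=80 src=10.0.10.2 dst=10.0.10.5 sport=80 dport=33000 [ASSURED] use=1
tcp      6 431950 ESTABLISHED src=10.0.10.7 dst=203.0.113.10 sport=40000 dport=80 src=203.0.113.10 dst=10.0.10.7 sport=80 dport=40000 [ASSURED] use=1
udp      17 25 src=10.0.10.5 dst=203.0.113.53 sport=1025 dport=53 src=10.0.10.2 dst=10.0.10.5 sport=53 dport=1025 use=1'

# annotate_entries CLIENT_IP  (reads conntrack lines on stdin)
# Prints one line per entry whose original source is CLIENT_IP, marking it
# "DNAT->x" when the reply source differs from the original destination
# (i.e. the packet was rewritten) and "no-nat" otherwise, plus the seconds
# left before the kernel forgets the entry and a new packet would be
# re-evaluated against the current nat rules.
annotate_entries() {
    awk -v want="$1" '
    {
        n = 0; osrc = ""; odst = ""; rsrc = ""
        for (i = 1; i <= NF; i++) {
            # First src= is the original direction, second src= is the reply.
            if ($i ~ /^src=/) { n++; v = substr($i, 5); if (n == 1) osrc = v; else rsrc = v }
            else if ($i ~ /^dst=/ && odst == "") odst = substr($i, 5)
        }
        # Field 3 is the remaining lifetime in seconds for tcp and udp entries.
        if (osrc == want) {
            nat = (rsrc != odst) ? ("DNAT->" rsrc) : "no-nat"
            printf "%s %s -> %s %s expires_in=%ss\n", $1, osrc, odst, nat, $3
        }
    }'
}

# count_dnat_entries CLIENT_IP  (reads conntrack lines on stdin)
# Number of still-live connections for CLIENT_IP that carry a DNAT mapping.
# A non-zero count after the rule was deleted is exactly the "client keeps
# browsing" symptom: those flows will keep their mapping until they expire.
count_dnat_entries() {
    annotate_entries "$1" | grep -c 'DNAT->' || :
}

# Demonstration on the constructed table. On the gateway itself you would
# run:  annotate_entries 10.0.10.5 < /proc/net/ip_conntrack
printf '%s\n' "$SAMPLE_TABLE" | annotate_entries 10.0.10.5
printf '%s\n' "$SAMPLE_TABLE" | annotate_entries 10.0.10.7
```

The output for 10.0.10.5 shows both its TCP and UDP flows still mapped to 10.0.10.2 with their remaining lifetimes; those flows will not see the deleted rule until they expire (established TCP entries live for days by default), whereas any connection the client opens afterwards is evaluated against the current PREROUTING chain and gets the catch-all DNAT again. Watching this count drop to zero is the check that the revocation has actually taken hold.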