Well, it can't work the way you're doing it, because -m mac matching only works for the FORWARD rules in the FILTER chain (the one that is the default) :)
I generally do the following (eth0 is the internal interface, eth1 the external one):

    iptables -P FORWARD DROP
    iptables -m mac -A FORWARD -s x.x.x.x -d 0.0.0.0/0 --mac-source y:y:y:y:y:y -j ACCEPT
    iptables -A FORWARD -s 0.0.0.0/0 -d x.x.x.x -j ACCEPT

(this makes sure that outgoing traffic is forwarded anywhere only from this MAC address)

Then you make your MASQUERADE rules:

    iptables -t nat -A POSTROUTING -s x.x.x.x -d 0.0.0.0/0 -j MASQUERADE

cheers
anton ;]

P.S.: sorry, I forgot to tell you this from the very beginning

============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
============================================================================
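
Added example, not part of the original message: a small sh script that prints (does not apply) the rules from the message above for a list of IP/MAC pairs and rejects malformed entries. The function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Emit (do not apply) the FORWARD and MASQUERADE rules from the message.
# Input on stdin: one "IP MAC" pair per line; blank lines and # comments are skipped.

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

gen_rules() {
    rc=0
    echo "iptables -P FORWARD DROP"
    while read -r ip mac rest; do
        case "$ip" in ''|'#'*) continue ;; esac
        if [ -n "$rest" ] || ! valid_ip "$ip" || ! valid_mac "$mac"; then
            echo "skipping invalid entry: $ip $mac" >&2
            rc=1                   # report failure, but keep processing
            continue
        fi
        echo "iptables -m mac -A FORWARD -s $ip -d 0.0.0.0/0 --mac-source $mac -j ACCEPT"
        echo "iptables -A FORWARD -s 0.0.0.0/0 -d $ip -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -s $ip -d 0.0.0.0/0 -j MASQUERADE"
    done
    return $rc
}

# Constructed sample input (addresses are made up for this example).
gen_rules <<'EOF'
# internal hosts behind eth0
192.168.0.10 02:00:00:00:00:0a
192.168.0.11 02:00:00:00:00:0b
EOF
```

A host can change its own source MAC, so this IP/MAC binding filters accidental or casual address reuse on the local segment and is not authentication. Review the printed rules before running them as root.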
