On Mon, Nov 03, 2003 at 02:32:50PM +0200, George Mihalcea wrote: > Problema e alta aici: incearca sa faca SNAT in tabela filter. Corect ar > fi sa faca in tabela nat. Asadar, comanda ar fi: > iptables -t nat -A POSTROUTING -s 192.168.0.5 -m mac --mac-source > 00:05:15:48:92:25 -o eth1 -j SNAT --to-source xxx.xxx.xxx.xxx Care oricum nu va merge. Solutia este sa faca filtrare -m mac --mac-source in tabela filter, chain-ul FORWARD, si sa faca SNAT in functie de -s in net/POSTROUTING:
iptables -I FORWARD -j REJECT iptables -I FORWARD -s 1.2.3.4 -m mac --mac-source 00:11:22:33:44:55 \ -j ACCEPT iptables -t nat -I POSTROUTING -s 1.2.3.4 -j SNAT --to 5.6.7.8 Or some such. (Mai trebuie niste -i/-d/-o pe acolo, dar irelevante pentru problema initiala) -- Birzan George Violence is the last refuge of Cristian the incompetent -- Salvor Hardin -- Attached file included as plaintext by Ecartis -- -- File: signature.asc -- Desc: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/pk0WaqNK6cml/6cRAup4AJ4+J1gx8kkw9kv5YmpvRmhxdq0KKQCeIiA/ 31rKiFcHJTaWG6XiFd+JiAY= =F/4C -----END PGP SIGNATURE----- --- Detalii despre listele noastre de mail: http://www.lug.ro/
