On Thursday 20 May 2004 12:21, you wrote:
# /etc/ethers holds one "MAC IP" pair per line; '#' starts a comment.

# Drop traffic from eth1 that uses a listed IP with a MAC other than the
# one registered for it.
while read -r mac addr rest
do
    case "$mac" in ''|'#'*) continue ;; esac
    iptables -t nat -A PREROUTING -i eth1 -s "$addr" -m mac \
        ! --mac-source "$mac" -j DROP
done < /etc/ethers

#iptables -A FORWARD -m p2p --p2p all -j DROP

# For every listed host: accept new TCP connections to the router from its
# MAC, forward its traffic in both directions, and SNAT it out through eth0.
while read -r mac addr rest
do
    case "$mac" in ''|'#'*) continue ;; esac
    iptables -A INPUT -i eth1 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN \
        -m mac --mac-source "$mac" -j ACCEPT
    iptables -A FORWARD -d "$addr" -j ACCEPT
    iptables -A FORWARD -m mac --mac-source "$mac" -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -s "$addr" -j SNAT --to aaa.bbb.ccc.ddd
done < /etc/ethers
> Hello!
> This would be my first post here.
> A beginner's question from someone who got tangled up in the intricacies of
> iptables:
> I've built myself a small (I'd say) router. It runs Linux; I compiled its
> kernel, it sees my two network cards, the external one works on the net, the
> internal one is not UP yet.
>
> I want to do forwarding between the interfaces, i.e. the computers on the
> internal network should go out to the internet through NAT, but only some of
> them (the filtering should be done by the card's MAC address, not by IP).
>
> (This way only those who contribute to the fee for the pipe will get out on
> the net...).
>
> Can anyone help me? (Maybe with a small script...)
> Thanks!
>
>
> **************************************************
> Best Regards,
> Ciprian
> *************************************************
>
> ---
> Details about our mailing lists: http://www.lug.ro/
--
With respect/Best Regards,
Adrian Mazarache
Public key: http://london.forte.ro/mazasign.asc
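
The loops in the reply above hand whatever is in /etc/ethers straight to iptables. As an added example (not part of the original post), the same per-host rules can be generated with every entry validated first and printed for review instead of applied. LAN_IF, WAN_IF, PUBLIC_IP, the function names and the sample list are assumptions made for this example.

```shell
# Added example, not from the post: print (never apply) the per-host rules.
# LAN_IF, WAN_IF, PUBLIC_IP and the sample list are assumptions/placeholders.
LAN_IF=eth1 WAN_IF=eth0 PUBLIC_IP=aaa.bbb.ccc.ddd
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(printf '%s\n' "$1" | tr . ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Reads "MAC IP" lines on stdin; commands go to stdout, rejected entries to
# stderr. Returns 1 if any entry was rejected.
gen_rules() {
    rc=0 n=0 seen=' '
    while read -r mac addr rest; do
        n=$((n + 1))
        case "$mac" in ''|'#'*) continue ;; esac   # blank line or comment
        if ! valid_mac "$mac" || ! valid_ip "$addr"; then
            echo "line $n: malformed entry, skipped" >&2; rc=1; continue
        fi
        case "$seen" in *" $addr "*)                # keep one MAC per IP
            echo "line $n: $addr already listed, skipped" >&2; rc=1; continue ;;
        esac
        seen="$seen$addr "
        echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $addr -m mac ! --mac-source $mac -j DROP"
        echo "iptables -A INPUT -i $LAN_IF -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m mac --mac-source $mac -j ACCEPT"
        echo "iptables -A FORWARD -d $addr -j ACCEPT"
        echo "iptables -A FORWARD -m mac --mac-source $mac -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $addr -j SNAT --to $PUBLIC_IP"
    done
    return $rc
}

# Constructed sample: two good entries, a short MAC, a bad octet, a repeated IP.
sample_ethers() {
    cat <<'EOF'
# MAC              IP
00:11:22:33:44:55  192.168.0.10
00:11:22:33:44:66  192.168.0.11
00:11:22:33:44     192.168.0.12
00:11:22:33:44:77  192.168.0.999
00:11:22:33:44:88  192.168.0.10
EOF
}
sample_ethers | gen_rules || echo "some entries were rejected" >&2
```

Run against the real list with `gen_rules < /etc/ethers`; a non-zero exit status means at least one line was rejected and the output should be reviewed before use.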