



A few MAC addresses checked by iptables

From: Jacek <serwerek2_malpka_op.pl>
Date: Thu May 13 2004 - 01:47:51 CEST

Hello, sorry to bother you, but I have been fighting with this and cannot win.
My problem is this: when I entered MAC addresses in /etc/ethers and ran arp -f,
everything was OK. Now I need to assign several MAC addresses to one IP, and in
iptables as well. Can someone tell me what I am doing wrong that the MACs are
not being checked???

PS. Slack 9.1, the latest iptables. Kernel 2.6.3

Below is my masquerade script:


/usr/sbin/iptables -t nat -F
/usr/sbin/iptables -t nat -X
/usr/sbin/iptables -t filter -F
/usr/sbin/iptables -t filter -X

/usr/sbin/iptables -P FORWARD DROP

/usr/sbin/iptables -t nat -I POSTROUTING -s 192.168.2.0/255.255.255.0 -d 192.168.2.0/255.255.255.0 -j ACCEPT
/usr/sbin/iptables -t nat -I PREROUTING -s 192.168.2.0/255.255.255.0 -d 192.168.2.0/255.255.255.0 -j ACCEPT
/usr/sbin/iptables -t filter -I FORWARD -s 192.168.2.0/255.255.255.0 -d 192.168.2.0/255.255.255.0 -j ACCEPT
/usr/sbin/iptables -t filter -A FORWARD -s 192.168.2.21 -m mac --mac-source 00:0B:CD:17:04:36 -j ACCEPT
/usr/sbin/iptables -t filter -A FORWARD -d 192.168.2.21 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.21 -o eth0 -j SNAT --to 10.1.1.1
/usr/sbin/iptables -t filter -A FORWARD -s 192.168.2.21 -m mac --mac-source 00:02:44:24:C2:65 -j ACCEPT
/usr/sbin/iptables -t filter -A FORWARD -d 192.168.2.21 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.21 -o eth0 -j SNAT --to 10.1.1.1
/usr/sbin/iptables -t filter -A FORWARD -s 192.168.2.100 -m mac --mac-source 00:30:4F:1F:5F:DE -j ACCEPT
/usr/sbin/iptables -t filter -A FORWARD -d 192.168.2.100 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.100 -o eth0 -j SNAT --to 10.1.1.1
/usr/sbin/iptables -t filter -A FORWARD -s 192.168.2.102 -m mac --mac-source 00:01:03:83:0F:C4 -j ACCEPT
/usr/sbin/iptables -t filter -A FORWARD -d 192.168.2.102 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.102 -o eth0 -j SNAT --to 10.1.1.1
/usr/sbin/iptables -t filter -A FORWARD -s 192.168.2.111 -m mac --mac-source 00:00:39:F9:AB:82 -j ACCEPT
/usr/sbin/iptables -t filter -A FORWARD -d 192.168.2.111 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.2.111 -o eth0 -j SNAT --to 10.1.1.1





Thanks in advance for your help.
Regards
Jacek
Received on Thu May 13 17:45:53 2004
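
The allowlist the post describes, several MAC addresses permitted for one IP, written as a rule generator. This is an added example, not the poster's script: `gen_mac_rules` and `ALLOWLIST` are hypothetical names, while the addresses, interface and iptables path come from the post. It emits the return-path and SNAT rules once per IP and one `-m mac` source rule per permitted MAC, and refuses malformed entries.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it does not apply them.
IPT=/usr/sbin/iptables   # path used in the post
WAN_IF=eth0              # outbound interface from the post
SNAT_TO=10.1.1.1         # SNAT address from the post

# "IP MAC" pairs, one per line; repeat the IP to allow several MACs for it.
# Values are taken from the post's script.
ALLOWLIST='192.168.2.21 00:0B:CD:17:04:36
192.168.2.21 00:02:44:24:C2:65
192.168.2.100 00:30:4F:1F:5F:DE'

gen_mac_rules() {
    seen=" "
    # The per-MAC ACCEPT rules only restrict anything if the chain policy is
    # DROP and no broader ACCEPT rule matches the same outbound packets.
    echo "$IPT -P FORWARD DROP"
    while read -r ip mac; do
        case "$ip" in ''|'#'*) continue ;; esac
        case "$ip" in *[!0-9.]*) echo "bad IP: $ip" >&2; return 1 ;; esac
        if ! printf '%s\n' "$mac" |
             grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
            echo "bad MAC for $ip: $mac" >&2
            return 1
        fi
        case "$seen" in
            *" $ip "*) ;;   # return path and SNAT already emitted for this IP
            *)  seen="$seen$ip "
                echo "$IPT -A FORWARD -d $ip -j ACCEPT"
                echo "$IPT -t nat -A POSTROUTING -s $ip -o $WAN_IF -j SNAT --to-source $SNAT_TO"
                ;;
        esac
        # One source rule per permitted MAC.
        echo "$IPT -A FORWARD -s $ip -m mac --mac-source $mac -j ACCEPT"
    done
}

printf '%s\n' "$ALLOWLIST" | gen_mac_rules
```

The `mac` match only applies to packets arriving from an Ethernet device in the PREROUTING, INPUT or FORWARD chains, and a source MAC can be set by the sender, so this check identifies hosts on the LAN segment but does not authenticate them.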
