On Friday 05 September 2003 19:27, Matt wrote:
> What I'm looking to do is be able to filter what goes through the nat to
> the outside world based on MAC address. It's going to be an all or
> nothing... either the MAC address is allowed to go out, or it isn't.
>
> How can I enable/disable internet access on a network for a MAC address,
> for computers going through a linux IP MASQ/NAT to the outside world?
Why don't you use the MAC match module?
ALLOWED_MACS="01:02:03:04:05:06 06:05:04:03:02:01"
iptables -P FORWARD DROP
for allowed_mac in $ALLOWED_MACS ; do
    iptables -A FORWARD -i eth0 -o ppp0 -m mac \
        --mac-source "${allowed_mac}" -j ACCEPT
done
and natting as usual.
root# iptables -V
iptables v1.2.6a
HTH
Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn
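
Added example, not part of the post above: the same allow-list as a script that validates each MAC address and prints the iptables commands for review instead of running them. It assumes the post's eth0/ppp0 interfaces and its placeholder MAC addresses; the ESTABLISHED,RELATED rule for reply traffic is an assumption added here because the FORWARD policy is DROP, and the NAT rule itself is left out.

```shell
#!/bin/sh
# Added example: prints the FORWARD rules instead of applying them, so the
# output can be reviewed first and then piped to sh as root on the NAT box.
# Interface names come from the post; adjust them for your own gateway.
LAN_IF="eth0"   # inside interface
WAN_IF="ppp0"   # outside interface

# Succeeds only for six colon-separated hex octets (aa:bb:cc:dd:ee:ff).
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the rule set for the MAC addresses given as arguments.
# Refuses to print anything if one address is malformed, so a typo in the
# allow-list cannot produce a half-built rule set.
build_rules() {
    for mac in "$@"; do
        if ! valid_mac "$mac"; then
            echo "invalid MAC address: $mac" >&2
            return 1
        fi
    done
    # Default deny: only traffic matched below is forwarded.
    echo "iptables -P FORWARD DROP"
    # Assumption: let replies to allowed connections back in from outside.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT per allowed source MAC, LAN to uplink only.
    for mac in "$@"; do
        echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -m mac --mac-source $mac -j ACCEPT"
    done
}

# Placeholder addresses from the post; replace with the real allow-list.
build_rules 01:02:03:04:05:06 06:05:04:03:02:01
```

The mac match only sees the source address on the directly attached Ethernet segment, and a client can change its MAC address, so this works as an on/off switch per machine rather than as authentication.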