lug-bg: IPTABLES and ethernet
- Subject: lug-bg: IPTABLES and ethernet
- From: bugar@xxxxxxx (Atanas Mavrov)
- Date: Sat, 22 Jun 2002 22:31:40 +0300
Hello,
I think this question has been asked before, but I could not find it. So I am
asking for your help.
We have the following situation: slack 8.0, kernel 2.4.5 - this is a machine
designated as a server. We have a network in which some machines must have
access to the internet and others must not. So I need to restrict the machines
by IP and by MAC address /not that it is very secure, but nothing better comes
to mind/.
If we assume that we have a machine that must have internet, with ip x.x.x.x
and mac address y.y.y.y.y.y, I decided to do the following
iptables -t nat -A POSTROUTING -s x.x.x.x -m mac --mac-source y.y.y.y.y.y -j MASQUERADE
but as it turned out, mac and POSTROUTING cannot be used together.
I decided to do the following, although I do not know how correct it is in my
case /I experimented with the loopback address/:
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -j DROP
and here I tried telnet 127.0.0.1 - it works. After that I decided to flush the
rules and try the following
iptables -A INPUT -s 127.0.0.1 -m mac --mac-source y.y.y.y.y.y -j ACCEPT
iptables -A INPUT -j DROP
but the result was that I have no connection to 127.0.0.1.
I decided to try another way as well
iptables -A INPUT -m mac mac-source -j ACCEPT
iptabels -A INPUT -j DROP
again the expected result did not come.
So if anyone is willing to help, please say where I am going wrong and how this
restriction can be done
Thank you
============================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers).
http://www.linux-bulgaria.org - Hosted by Internet Group Ltd. - Stara Zagora
To unsubscribe: http://www.linux-bulgaria.org/public/mail_list.html
============================================================================
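
An added example, not part of the original post: the iptables `mac` match only applies to packets that enter the PREROUTING, FORWARD or INPUT chains from an Ethernet device, so this sketch does the IP+MAC check in FORWARD and leaves POSTROUTING to masquerade whatever was let through. The interface names (eth0 uplink, eth1 LAN), the sample addresses and the helper names `valid_pair` and `gen_rules` are assumptions; the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: build iptables commands from an IP/MAC allowlist.
# Assumed layout (not from the post): LAN clients on eth1, internet uplink on eth0.
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"

# Constructed sample allowlist, one "IP MAC" pair per line.
ALLOWLIST='192.168.0.10 00:11:22:33:44:55
192.168.0.11 00:11:22:33:44:66'

# Return 0 only if $1 looks like a dotted IPv4 address and $2 like a
# colon-separated MAC, so a malformed entry never reaches iptables.
valid_pair() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    printf '%s\n' "$2" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
}

# Read "IP MAC" lines on stdin and print the rule set on stdout.
gen_rules() {
    # Default-deny forwarding: hosts not on the list get no route out.
    echo "iptables -P FORWARD DROP"
    # Replies to connections opened by allowed hosts may come back in.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    while read -r ip mac; do
        [ -n "$ip" ] || continue
        if valid_pair "$ip" "$mac"; then
            # The mac match is legal here because FORWARD still sees the
            # Ethernet header of the frame that arrived on the LAN side.
            echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $ip -m mac --mac-source $mac -j ACCEPT"
        else
            echo "skipping invalid entry: $ip $mac" >&2
        fi
    done
    # NAT needs no mac match: only traffic accepted above gets this far.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE"
}

printf '%s\n' "$ALLOWLIST" | gen_rules
```

Traffic on the loopback interface carries no Ethernet source address, so a `--mac-source` rule cannot be exercised against 127.0.0.1; test from a second machine on the LAN instead.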