Enrique Morfin wrote:
> Hi! I want to make an ACL with MAC, but I got some troubles:
>
> if I use:
>   iptables -I FORWARD -s 192.168.1.1 -m mac --mac-source 00:AA:BB:CC:DD:EE -j LOG
> it logs all the 192.168.1.1 packets, but if I change to:
>   iptables -I FORWARD -s 192.168.1.1 -m mac --mac-source 00:AA:BB:CC:DD:EE -j ACCEPT
> Just change from LOG to ACCEPT, and no packet is forwarded. (policy is DROP).
>
> Any idea?
>
> Thanks

Try "tcpdump -n -i eth0" in a terminal and "tcpdump -n -i eth1" in another terminal, and look whether a packet coming in on the internal interface is forwarded to the external interface. If that occurs, then look whether the packet comes back. Like you said, your policy is DROP, so you must permit all packets that come back, unless you are using the stateful feature of iptables.
and don't forget

  echo 1 > /proc/sys/net/ipv4/ip_forward

regards

--
João Victor Almeida Di Stasi
Divisão de Suporte de Redes
Núcleo de Computação Eletrônica
Universidade Federal do Rio de Janeiro
Tel.: 2598-3124
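
The reply's point about return traffic, written as a check you can run over `iptables -S FORWARD` output (an added example, not part of the original thread): it flags a DROP-policy FORWARD chain whose only ACCEPT for a host is restricted by `--mac-source`, because reply packets never carry that MAC. The function name and the two sample rule sets are constructed for illustration; the address and MAC are the ones from the question.

```shell
#!/bin/sh
# Added example, not from the thread: reads FORWARD rules in `iptables -S FORWARD`
# format on stdin and checks that replies to a MAC-filtered host can get back
# through a DROP policy.

# Exit status 0: return traffic is covered (or the check does not apply).
# Exit status 1: a --mac-source ACCEPT rule exists with no return path.
check_return_path() {
    rules=$(cat)
    # Only a DROP policy makes a missing return rule fatal.
    printf '%s\n' "$rules" | grep -q '^-P FORWARD DROP' || return 0
    # Only relevant if some ACCEPT rule is restricted by source MAC.
    printf '%s\n' "$rules" | grep -Eq -- '--mac-source .*-j ACCEPT' || return 0
    # Replies arrive with the upstream device's MAC, so rules carrying
    # --mac-source cannot match them; look at the remaining rules only.
    others=$(printf '%s\n' "$rules" | grep -v -- '--mac-source' || true)
    # Stateful return rule (conntrack match, or the older state match).
    printf '%s\n' "$others" |
        grep -Eq -- '(--ctstate|--state) [A-Z,]*ESTABLISHED.*-j ACCEPT' && return 0
    # Static return rule keyed on the destination address.
    printf '%s\n' "$others" | grep -Eq -- ' -d [0-9./]+ .*-j ACCEPT' && return 0
    return 1
}

# Constructed sample: the rule from the question under policy DROP, nothing else.
sample_one_way() {
cat <<'EOF'
-P FORWARD DROP
-A FORWARD -s 192.168.1.1/32 -m mac --mac-source 00:AA:BB:CC:DD:EE -j ACCEPT
EOF
}

# Constructed sample: the same rule plus a stateful return rule.
sample_stateful() {
cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.1/32 -m mac --mac-source 00:AA:BB:CC:DD:EE -j ACCEPT
EOF
}

for s in sample_one_way sample_stateful; do
    if $s | check_return_path; then echo "$s: replies can return"
    else echo "$s: replies hit the DROP policy"; fi
done
```

On a live router the same check is `iptables -S FORWARD | check_return_path`, run as root.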