Hi all,
I want to build this network diagram:
Small NW ---(eth1)-- Linux iptables --(eth0)---LAN NW
And with these requirements:
- Allow only 1 MAC address aa-aa-aa-aa-aa-aa from Small NW to LAN NW
- Allow a list of MAC addresses from LAN NW access to Small NW
What will I need to do?
Thanks for your support in advance.
I suppose you could ping each subnet's broadcast, collect IPs, ping each and then dump the arp cache for MACs.
Use this, assuming you don't have any other iptables configuration:
iptables -A FORWARD -i eth1 -o eth0 -m mac --mac-source aa:aa:aa:aa:aa:aa -j ACCEPT
For the list of MAC addresses, assuming these are stored in a file line by line (mac_addresses_file), you can use:
# one rule per line of mac_addresses_file; -r keeps each line as-is
while read -r MAC; do
  iptables -A FORWARD -i eth0 -o eth1 -m mac --mac-source "$MAC" -j ACCEPT
done < mac_addresses_file
And then drop the rest of the traffic (if this is what you want):
iptables -P FORWARD DROP
The lines above will allow the host with MAC aa:aa:aa:aa:aa:aa from Small NW to communicate with the LAN NW hosts whose MAC addresses are in the file, and the other way around.
If you want more details, you should give more information regarding the services that the users can access and about the entire network topology.
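The answer above can be turned into a script that builds the whole FORWARD ruleset in one go. What follows is an added example, not code from the original thread. It assumes the interface names from the question (eth1 toward the Small NW, eth0 toward the LAN NW), a hypothetical list file whose contents are constructed here for the demo, and a hypothetical IPTABLES variable that defaults to a dry run (it prints the commands) and can be set to "iptables" to apply them as root. It goes beyond the posted loop in three ways a practitioner would want: it sets the DROP policy before adding ACCEPT rules so there is no window in which everything is forwarded, it accepts the dash-separated form used in the question and normalizes it to the colon form that -m mac expects, and it refuses to continue on a malformed entry instead of silently skipping a host.

```shell
#!/bin/sh
# Added example (not from the original thread): MAC-based FORWARD rules
# for Small NW --(eth1)-- Linux iptables --(eth0)-- LAN NW.
# IPTABLES defaults to a dry run that prints the commands; run as root with
# IPTABLES=iptables to apply them. Left unquoted on purpose so "echo iptables" splits.
IPTABLES="${IPTABLES:-echo iptables}"

# Six colon-separated hex pairs: the only form -m mac --mac-source accepts.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Turn aa-bb-... or AA:BB:... into aa:bb:... so list entries can be written either way.
normalize_mac() {
    printf '%s' "$1" | tr '-' ':' | tr 'A-F' 'a-f'
}

# build_rules <single MAC allowed Small NW -> LAN NW> <file of MACs allowed LAN NW -> Small NW>
# Returns 1 (and emits nothing further) on the first entry that is not a MAC address.
build_rules() {
    small_mac=$(normalize_mac "$1")
    valid_mac "$small_mac" || { echo "bad MAC: $1" >&2; return 1; }

    # Default-deny first, then open the two directions explicitly.
    $IPTABLES -P FORWARD DROP

    # Small NW (eth1) -> LAN NW (eth0): exactly one source MAC.
    $IPTABLES -A FORWARD -i eth1 -o eth0 -m mac --mac-source "$small_mac" -j ACCEPT

    # LAN NW (eth0) -> Small NW (eth1): one rule per listed MAC.
    # Blank lines and '#' comments are ignored; anything else must be a MAC.
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        mac=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -n "$mac" ] || continue
        mac=$(normalize_mac "$mac")
        valid_mac "$mac" || { echo "bad MAC in $2: $line" >&2; return 1; }
        $IPTABLES -A FORWARD -i eth0 -o eth1 -m mac --mac-source "$mac" -j ACCEPT
    done < "$2"
}

# Constructed sample list for the demo (hypothetical addresses, not from the thread).
write_sample_list() {
    cat > "$1" <<'EOF'
# LAN NW hosts allowed into the Small NW
00:11:22:33:44:55
00-11-22-33-44-66   # dash form is accepted and normalized
AA:BB:CC:DD:EE:FF
EOF
}

# Demo: dry-run the ruleset against the constructed list.
tmp=$(mktemp)
write_sample_list "$tmp"
build_rules "aa-aa-aa-aa-aa-aa" "$tmp"
rm -f "$tmp"
```

Two caveats that the posted rules share and this script does not remove: -m mac matches the source MAC of the frame as it arrives on the interface named in the rule, and that address is trivially spoofed by anyone on the same segment, so this is access hygiene rather than authentication. And because the policy is DROP with no connection-tracking rule, a round trip only completes between the single Small NW host and the LAN NW hosts that are in the list; any LAN NW host not listed cannot even answer it.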