Iptables rules – Access by MAC and redirect

Hello

I am new here and I want to say Hi to Everybody!

And I have a question. I want to write Linux firewall iptables rules.
I want to block internet access to all users and allow by MAC
addresses. Oh and when someone isn't on access list to redirect him to
web page with information.

I start writing rules:

echo 1 > /proc/sys/net/ipv4/ip_forward

iptables -F
iptables -X
iptables -t nat -X
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P FORWARD DROP

iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE

iptables -A FORWARD -m mac --mac-source 00:1F:D0:0D:4A:5A -j ACCEPT
iptables -A FORWARD -j ACCEPT -m state --state RELATED,ESTABLISHED

but I don't know how to redirect blocked users to web page
information.

All the best
TomTom

Re: Iptables rules – Access by MAC and redirect
That's because one can't do that with iptables alone.  The web server has
to be able to determine what it will allow and not.  MAC addresses
typically aren't available, so you'll also need an external script run by
the server.



Re: Iptables rules – Access by MAC and redirect


Mon, 11 Jan 2010 13:00:22 -0800, D. Stussy did cat:

though there could be a quite intricate way to do it based on
 -j DNAT --to $VIRTDOMIP:$VIRTDOMPORT with masquerade and redir rules
and have a virtual domain that'd only play the blockade info pages.
But, I'd really recommend to avoid this stuff and do it in the
application layer :-)
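
The mark-and-DNAT approach sketched in the last reply, written out as an added example (not code from any poster in this thread): it generates an iptables-restore rule set that marks allowlisted MACs and sends everyone else's port-80 traffic to an info page. The portal address 192.168.2.1:8080, the mark value and the function names are assumptions; the subnet and sample MAC are the ones from the first post.

```shell
#!/bin/sh
# Added example: build an iptables-restore rule set for a MAC allowlist
# with an HTTP redirect for everyone else.
LAN_NET="192.168.2.0/24"     # subnet from the first post
PORTAL="192.168.2.1:8080"    # assumption: info page served on the router itself
MARK="0x1"                   # assumption: packet mark meaning "allowlisted"
# Assumption: clients use the router as their DNS resolver, so lookups from
# unlisted clients arrive on INPUT (policy ACCEPT) rather than FORWARD.

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_rules MAC [MAC...] : print the rule set, or fail before printing anything.
gen_rules() {
    [ "$#" -gt 0 ] || { echo "no MAC addresses given" >&2; return 1; }
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done

    # mangle PREROUTING runs before nat PREROUTING, so the mark set here
    # is visible to the DNAT rule and later to the FORWARD rule.
    printf '%s\n' '*mangle' ':PREROUTING ACCEPT [0:0]'
    for mac in "$@"; do
        printf '%s\n' "-A PREROUTING -s $LAN_NET -m mac --mac-source $mac -j MARK --set-mark $MARK"
    done
    cat <<EOF
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s $LAN_NET -p tcp --dport 80 -m mark ! --mark $MARK -j DNAT --to-destination $PORTAL
-A POSTROUTING -s $LAN_NET -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s $LAN_NET -m mark --mark $MARK -j ACCEPT
COMMIT
EOF
}
```

To load the result, run `gen_rules 00:1F:D0:0D:4A:5A | iptables-restore` as root. Only plain HTTP is redirected; HTTPS from unlisted clients is simply dropped by the FORWARD policy, and since a client can set its own MAC address the allowlist is not authentication.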
