<html><head><style data-externalstyle="true">
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph {
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst, p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle, p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast {
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
line-height:115%;
}
</style><style><!--
.EmailQuote {
padding-left:4pt;
margin-left:1pt;
border-left-color:rgb(128, 0, 0);
border-left-width:2px;
border-left-style:solid;
}
--></style></head><body><div data-externalstyle="false" style="font-family:Calibri,'Segoe UI',Meiryo,'Microsoft YaHei UI','Microsoft JhengHei UI','Malgun Gothic','Khmer UI','Nirmala UI',Tunga,'Lao UI',Ebrima,sans-serif;font-size:16px;"><div>your commands are for iptables not ebtables. another way you could do this is to use system-config-firewall to setup masquerading and a stock set of rules for you since you’re not familiar with netfilter, and then add your custom rules later.</div><div data-signatureblock="true"> </div> <div style="border-top-color: rgb(225, 225, 225); border-top-width: 1px; border-top-style: solid;"> <strong>From:</strong> Lázaro Morales<br> <strong>Sent:</strong> 31 October 2012 3:39 PM<br> <strong>To:</strong> users@lists.fedoraproject.org<br> <strong>Subject:</strong> IPTABLES and EBTABLES<br> </div> <div> </div>
<font size="2"><span style="font-size: 10pt;"><div class="PlainText">Hello,<br>
<br>
How can be used EBTABLES in addition to IPTABLES to forward traffic<br>
from an internal LAN to an external?<br>
<br>
Suppose that I have an internal LAN with private IPs, and a Gateway<br>
that control the traffic to the outside, and I only need forward traffic<br>
for certain MAC address regardless IP address.<br>
<br>
<br>
INTERNET --> Gateway <--- LAN<br>
<br>
I'm not sure if I have to enable the following modules in `sysctl.conf`:<br>
net.bridge.bridge-nf-call-iptables = 0<br>
net.bridge.bridge-nf-call-arptables = 0<br>
<br>
I have tried with the following configuration, but nothing happens:<br>
<br>
# ebtables -F<br>
# ebtables -t nat -F<br>
# ebtables -P INPUT ACCEPT<br>
# ebtables -P OUTPUT ACCEPT<br>
# ebtables -P FORWARD ACCEPT<br>
# ebtables -A FORWARD -i eth0 -o eth1 -j ACCEPT<br>
# ebtables -t nat -A POSTROUTING -s INTERNAL_LAN_CLIENT_MAC -o eth1 \<br>
-j snat --to-source MAC_OF_EXTERNAL_GATEWAY_INTERFACE<br>
<br>
Any thought will be highly appreciated.<br>
Thanks in advance,<br>
Lázaro.<br>
<br>
*****************************************************************************<br>
* Este mensaje de correo electrónico ha sido procesado por el *<br>
* Servidor de Correo Electrónico de Frioclima y es un correo *<br>
* válido para el dominio: frioclima.com.cu *<br>
*****************************************************************************<br>
<br>
<br>
-- <br>
users mailing list<br>
users@lists.fedoraproject.org<br>
To unsubscribe or change subscription options:<br>
<a tabindex="-1" href="https://admin.fedoraproject.org/mailman/listinfo/users">https://admin.fedoraproject.org/mailman/listinfo/users</a><br>
Guidelines: <a tabindex="-1" href="http://fedoraproject.org/wiki/Mailing_list_guidelines">http://fedoraproject.org/wiki/Mailing_list_guidelines</a><br>
Have a question? Ask away: <a tabindex="-1" href="http://ask.fedoraproject.org">http://ask.fedoraproject.org</a><br>
</div></span></font>
</div></body></html>