[Shorewall-newbies] maclist setup

David Shepherd sdave at ufl.edu
Mon Mar 8 17:49:55 PST 2004

I am having a problem with maclists and wanted to know if I should do what
I'm trying to do with some netfilter commands instead of trying to do it
through Shorewall.

I have 3 NIC cards: one for external and two for internal network. One
of the internal cards uses masq for the hosts connected to it, call it
eth1. The other I just want to use as access to an internal DNS server
and internal web server, call it eth0. I want the maclist option
specified on eth1; that way users cannot access the internet at first. I
want them to only be allowed to connect to the internal web server or
internal DNS, which is eth0, but this isn't working like I wanted.

When I specify maclist in the interface file on eth1, it causes me to be
unable to communicate with eth0 also, until I manually enter the MAC of
the computer. The web server I have does this through forms, but I cannot
get it to where the users can all access eth0 and the internal web
server while not being able to use eth1 for internet until they register
on my web server.

The web server isn't the issue; the setup to only restrict MACs on eth1
and not eth0 is my problem. They are both connected to the same internal
network, not in the same subnet though.

