LinuxQuestions.org


s3frank 12-06-2011 10:15 AM

IPtables and MAC filtering
 
Hi all,

I'm fairly new to networking in Linux so please be gentle. I have the following setup in terms of network:

Private lan on 192.168.10.xxx
My all in one wifi router controls this and has an ADSL modem to give it the link to the world. I also have a VPN service in the US that I use to be able to watch stuff that is limited to US only from my home in Singapore.
This VPN is activated on the same router running dd-wrt firmware using the PPTP client that is built in.

I have a Sonos system connected to this which I want to use with Pandora like services.

What I want to do is be able to insert some rules that will enable the following two things:
1) When Sonos MAC packets arrive with destination local network just allow it to flow to the default course of internal 192.168.10.xxx
2) When Sonos MAC packets arrive with any other destination push it through the VPN tunnel named ppp0.

How can I make this happen?

serafean 12-06-2011 10:45 AM

Hi,

To filter by MAC address, you should use the iptables mac extension:
Quote:

mac
[!] --mac-source address
Match source MAC address. It must be of the form XX:XX:XX:XX:XX:XX. Note that this only makes sense for packets coming from an Ethernet device and entering the PREROUTING, FORWARD or INPUT chains.

The rule might look something like this:
Code:

iptables -A FORWARD -m mac --mac-source $SONOS_MAC ! -d 192.168.10.0/24 -o ppp0

This adds a chain (rule) in the forward table that checks the MAC address and the destination address for the TCP protocol for a not match (the !) and sends it to ppp0.

You will of course need to configure your routing tables properly for this setup. (route command)

Serafean
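
The routing-table configuration mentioned at the end of the answer above, as an added example that is not part of the original posts. In iptables, `-o` is a match on the outgoing interface, so the interface itself is chosen by policy routing: the Sonos packets are marked in mangle PREROUTING and an `ip rule` sends marked packets to a table whose default route is ppp0. The mark 0x1, table 100, the placeholder MAC and the function names are assumptions; the script only prints the commands unless APPLY=1.

```shell
#!/bin/sh
# Added example: MAC-selected policy routing, printed as a dry run by default.
# Assumed values, not from the thread: mark 0x1, table 100, placeholder MAC.
MARK=0x1
TABLE=100
SONOS_MAC=${SONOS_MAC:-00:11:22:33:44:55}   # constructed placeholder

# Accept only XX:XX:XX:XX:XX:XX, so nothing else reaches a command line.
valid_mac() {
    case "$1" in
        *[!0-9A-Fa-f:]*) return 1 ;;        # also rejects spaces and newlines
    esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the commands. $1 = device MAC, $2 = LAN in CIDR form, $3 = VPN interface.
policy_cmds() {
    valid_mac "$1" || { echo "invalid MAC, no rules built" >&2; return 1; }
    mac=$1 lan=$2 vpn=$3
    cat <<EOF
# 1. Before routing: mark packets from the device that are not for the LAN.
iptables -t mangle -A PREROUTING -m mac --mac-source $mac ! -d $lan -j MARK --set-mark $MARK
# 2. A separate routing table whose only default route is the tunnel.
ip route add default dev $vpn table $TABLE
# 3. Marked packets consult that table; everything else uses the main table.
ip rule add fwmark $MARK lookup $TABLE
# 4. Fail closed: if the tunnel is down, the route from step 2 is gone and the
#    packet falls back to the main table, so drop it instead of using the WAN.
iptables -I FORWARD -m mac --mac-source $mac ! -d $lan ! -o $vpn -j DROP
EOF
}

# APPLY=1 (as root) runs the commands; otherwise they are only printed.
if [ "${APPLY:-0}" = 1 ]; then
    policy_cmds "$SONOS_MAC" 192.168.10.0/24 ppp0 | sh -e
else
    policy_cmds "$SONOS_MAC" 192.168.10.0/24 ppp0
fi
```

A source MAC can be set by any host on the LAN, so the match selects a route and is not an access control. With strict reverse-path filtering (rp_filter=1) on ppp0, replies arriving through the tunnel may be dropped because the main table routes those sources elsewhere.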


All times are GMT -5.