i WANT TO BYPASS THE SPECIFIC MAC ADDRESS
Given below is my IPTABLES output..
Please help to resolve this problem..

[root@localhost ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere MAC 00:15:B7:33:6A:57
ACCEPT all -- anywhere anywhere MAC 00:15:B7:33:6A:57
ACCEPT all -- anywhere anywhere MAC 00:15:B7:33:6A:57

ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3 state NEW

DROP tcp -- anywhere anywhere tcp dpt:http

ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3 state NEW

DROP tcp -- anywhere anywhere tcp dpt:http

ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dptop3 state NEW

DROP tcp -- anywhere anywhere tcp dpt:http

Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP tcp -- anywhere anywhere tcp dpt:http
DROP tcp -- anywhere anywhere tcp dpt:http
DROP tcp -- anywhere anywhere tcp dpt:http
REJECT tcp -- anywhere anywhere tcp dpt:msnp reject-with icmp-port-unreachable
DROP tcp -- anywhere anywhere tcp dpt:msnp
DROP all -- anywhere 207.46.110.0/25
DROP all -- anywhere 207.46.104.20
REJECT tcp -- anywhere anywhere tcp dpt:msnp reject-with icmp-port-unreachable
DROP tcp -- anywhere anywhere tcp dpt:msnp
DROP all -- anywhere 207.46.110.0/25
DROP all -- anywhere 207.46.104.20
REJECT tcp -- anywhere anywhere tcp dpt:msnp reject-with icmp-port-unreachable
DROP tcp -- anywhere anywhere tcp dpt:msnp
DROP all -- anywhere 207.46.110.0/25
DROP all -- anywhere 207.46.104.20

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@localhost ~]#

Where is the problem?
What does not work?
What does "Bypass" mean to you?

yes
FOR reference below is my iptables script.

/sbin/iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT

/sbin/iptables -A INPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT

#iptables -I INPUT -m mac --mac-source 00-15-B7-33-6A-57 -j DROP # Actual...final statement for droping specific mac address

iptables -I INPUT -m mac --mac-source 00-16-6F-50-64-5B -j ACCEPT # sample mechine MAC addresss

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # every request should go throught the iptables

iptables -A FORWARD -p TCP --dport 1863 -j DROP # block MSN Messanger




/sbin/iptables -A INPUT -p tcp --dport 80 -j DROP

iptables -I FORWARD 1 -p tcp --dport 80 -j DROP

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DROP

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
"rc.nat" 32L, 1219C




Plz reply

Regards,

Rashid

This is my iptables script file.

referring that I want that specific MAC to browse, can send/receive his emails, download......... means free hand


while remaining network should go through squid proxy server.


Please reply

Regards,


Rashid

I'd set a policy of DROP - and then only open what you want.
I think that might have been the intention of:
instead do:
I'm not sure if your rules for squid are o.k. - this is not to worry you but to say that I just don't know.

thanks for your kind reply

the actual scenario is that I am using squid as a proxy server.............. and for email services(SMTP/POP3) services..

but after running this script the users can easily bypass the squid so I redirect the traffic to squid default port

after that everyone is behind the proxy... but u know some executives need to be fully entertained... I just want that there should be no need to configure any configure on laptop just connect and start their work..............

although remaining should go through squid..................

please guide

Friend

Yesterday One of my friend do something interesting that in proxy settings under the explorer He simply put the
loop back (127.0.0.1: 9000) and 9 thousand series port.... and I am amazed that he opened all websites even block by me and even block by the our country's gateway..........

Very Interesting

Please advise.

Regards,

Rashid