I made an ipXmac matching policy on my firewall to allow only matching users to have any kind of access, but the problem is that I also have a transparent proxy rule that won't work anymore.
Here's my NAT's PREROUTING table:
Chain PREROUTING (policy ACCEPT)
target prot source destination
ACCEPT all -- 192.168.10.69 0.0.0.0/0 MAC 02:02:A5:XX:XX:XX
ACCEPT all -- 192.168.10.73 0.0.0.0/0 MAC 00:0C:6E:XX:XX:XX
ACCEPT all -- 192.168.10.70 0.0.0.0/0 MAC 00:11:2F:XX:XX:XX
DROP all -- 192.168.10.0/24 0.0.0.0/0
REDIRECT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp dpt:80 redir ports 3128
Example: The user with the IP 192.168.10.69 will only be granted access (ACCEPT) if his NIC's MAC is 02:02:A5:XX:XX:XX.
The problem is that the last rule (the transparent proxy one) is being ignored. That means that as soon as the user is accepted by the MAC-match rule, it goes directly to the port 80 it's requesting and is not redirected to port 3128.
Any ideas?
Marcelo Chanea,
Rio de Janeiro, Brasil.
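One way to keep the MAC allowlist and the transparent proxy together, as an added example (not the poster's configuration): ACCEPT is a terminating target, so once a packet hits an ACCEPT rule in nat PREROUTING it leaves that chain and never reaches the REDIRECT rule below it. The script assumes the proxy listens on port 3128 on the firewall itself and that the XX octets from the question are filled in; it moves the ip+MAC gate into the filter table and uses RETURN instead of ACCEPT so the chain keeps going.

```shell
#!/bin/sh
# Added example, not the poster's rules. Access control moves to the filter
# table; the nat table keeps only the REDIRECT, so no terminating ACCEPT in
# nat/PREROUTING stops a packet before the REDIRECT rule is reached.
IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo for a dry run
LAN=192.168.10.0/24
PROXY_PORT=3128                    # assumed: the proxy listens here on the firewall

# ip/MAC pairs from the question; the XX octets are placeholders to fill in
ALLOWED="192.168.10.69 02:02:A5:XX:XX:XX
192.168.10.73 00:0C:6E:XX:XX:XX
192.168.10.70 00:11:2F:XX:XX:XX"

apply_rules() {
    # nat/PREROUTING: transparent proxy only. The nat table is consulted for
    # the first packet of a connection; port 80 goes to the local proxy port.
    "$IPTABLES" -t nat -A PREROUTING -s "$LAN" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$PROXY_PORT"

    # filter/LAN_AUTH: RETURN (not ACCEPT) for a matching ip+MAC pair so the
    # calling chain keeps evaluating its remaining rules; any other LAN
    # source is dropped here.
    "$IPTABLES" -N LAN_AUTH
    echo "$ALLOWED" | while read -r ip mac; do
        "$IPTABLES" -A LAN_AUTH -s "$ip" -m mac --mac-source "$mac" -j RETURN
    done
    "$IPTABLES" -A LAN_AUTH -j DROP

    # Gate both paths: routed traffic (FORWARD) and the redirected HTTP that
    # is now delivered locally to the proxy (INPUT on PROXY_PORT).
    "$IPTABLES" -I FORWARD 1 -s "$LAN" -j LAN_AUTH
    "$IPTABLES" -I INPUT 1 -s "$LAN" -p tcp --dport "$PROXY_PORT" -j LAN_AUTH
}

# Usage: sh lan_auth.sh --apply   (IPTABLES=echo sh lan_auth.sh --apply to dry-run)
if [ "${1:-}" = --apply ]; then apply_rules; fi
```

Because the REDIRECT hands port-80 traffic to the local proxy, the gate also has to sit on INPUT for the proxy port, not only on FORWARD.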