Linux – can’t find a way to forward in iptables for specific mac address


I use Linux CentOS 6.3 as an Internet gateway with NAT.
I want to allow a specific host to have access to Internet, but I don't want to use its IP address since it may get a new IP address from the DHCP server. Instead I want to use a rule for a specific MAC address.

I used the following but it does not work:

iptables -t nat -A POSTROUTING -o $INTERNETDEVICE -j MASQUERADE
iptables -A INPUT -i $INTERNETDEVICE -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d 10.1.1.0/24 -j ACCEPT
iptables -A FORWARD -m mac --mac-source {my mac address} -j ACCEPT

where INTERNETDEVICE is the ppp device to the Internet.

If instead of the 4th rule I enter

iptables -A FORWARD -s 10.1.1.39 -j ACCEPT

it works perfectly. But with the MAC address, it does not work.

Any help would be appreciated.

Best Answer

Found a similar problem here.

Solution was to add this rule to your chain:

iptables -A FORWARD -m state --state ESTABLISHED -s 0/0 -j ACCEPT

Another thing was to verify that the module ipt_mac is loaded.
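The script below is an added example, not code from the question or the answer. It builds a FORWARD ruleset of the kind discussed above for a NAT gateway, with the stateful rule the answer recommends placed ahead of the MAC rule so reply packets from the Internet are accepted regardless of MAC, and it checks an lsmod listing for the mac match module. The interface names (ppp0 uplink, eth0 LAN side), the MAC, and the sample lsmod output are constructed placeholders. The MAC rule is pinned to the LAN interface because the mac match only sees a source MAC on frames that arrive over an Ethernet-type interface; packets coming in over ppp carry none, which is also why a MAC rule alone cannot admit the return traffic. The example replaces the question's blanket `-d 10.1.1.0/24 -j ACCEPT` with the ESTABLISHED,RELATED rule, so only replies to connections the host opened get forwarded back. A MAC is a convenience selector, not an authenticator: any host on the LAN can present that address, so this should be treated as a DHCP-friendly shortcut rather than an access control boundary.

```shell
#!/bin/sh
# Added example: a MAC-gated FORWARD ruleset for a NAT gateway like the one in
# the question. Not from the original question or answer. Interface names,
# subnet and MAC below are constructed placeholders; adjust before applying.

INTERNETDEVICE="ppp0"           # uplink (assumed name; the question uses a ppp device)
LANDEVICE="eth0"                # LAN side, where Ethernet frames carry a source MAC (assumed)
LAN_NET="10.1.1.0/24"           # LAN subnet from the question
ALLOWED_MAC="00:11:22:33:44:55" # placeholder MAC of the permitted host

# Reject malformed MACs up front: iptables would abort on them, and a script
# that ignores a failed line can leave the chain without the intended rule.
valid_mac() {
    printf '%s' "$1" | grep -qE '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the ruleset, one iptables command per line, so it can be reviewed
# before it is applied. Order matters: reply traffic is accepted by state
# before the MAC rule is consulted, and the MAC rule is pinned to the LAN
# interface because the mac match only sees a source MAC on frames entering
# from an Ethernet-type interface (packets arriving over ppp have none).
mac_forward_rules() {
    valid_mac "$ALLOWED_MAC" || { echo "invalid MAC: $ALLOWED_MAC" >&2; return 1; }
    cat <<EOF
iptables -t nat -A POSTROUTING -o $INTERNETDEVICE -j MASQUERADE
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LANDEVICE -o $INTERNETDEVICE -s $LAN_NET -m mac --mac-source $ALLOWED_MAC -j ACCEPT
iptables -A FORWARD -j DROP
EOF
}

# Check an lsmod(8) listing (passed as a string) for the mac match module.
# The answer names ipt_mac; on 2.6-series kernels such as CentOS 6 the
# module is xt_mac, so both names are accepted.
mac_module_loaded() {
    printf '%s\n' "$1" | grep -qE '^(xt_mac|ipt_mac)[[:space:]]'
}

# Apply the generated rules (must run as root). Not invoked in this example.
apply_mac_forward_rules() {
    mac_forward_rules | sh -e
}

# Constructed lsmod output used for a dry run of the module check.
SAMPLE_LSMOD="Module                  Size  Used by
xt_mac                  1229  1
ipt_MASQUERADE          2466  1
nf_conntrack           79206  4"

if mac_module_loaded "$SAMPLE_LSMOD"; then
    echo "mac match module present in sample listing"
fi
mac_forward_rules
```

Running the script prints the four rules in the order they should be appended; piping that output through `sh -e` as root (what `apply_mac_forward_rules` does) installs them. On a live gateway, `lsmod | grep -E '^(xt_mac|ipt_mac)'` performs the same module check the answer suggests against real kernel state.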