Danny wrote regarding 'Re: [SLE] MAC address authentication' on Wed, Aug 11 at 13:55:
iptables -n oncampus
iptables -n unregistered
iptables -s 10.1.1.0/24 -d !10.1.1.0/24 -J oncampus
iptables -A oncampus -J unregistered
iptables -A unregistered -p tcp --dport 80 -J DNAT 10.1.1.1:8080
iptables -A unregistered -p udp --dport 53 -J ACCEPT
iptables -A unregistered -p tcp --dport 53 -J ACCEPT
iptables -A unregistered -J REJECT

Whoops, that should be:

iptables -t nat -N oncampus
iptables -t nat -N unregistered
iptables -t nat -A PREROUTING -s 10.1.1.0/24 -j oncampus
iptables -t nat -A oncampus -j unregistered
iptables -t nat -A unregistered -p tcp --dport 80 -j DNAT \
    --to-destination 10.1.1.1:8080
iptables -t nat -A unregistered -p udp --dport 53 -j ACCEPT
iptables -t nat -A unregistered -p tcp --dport 53 -j ACCEPT
iptables -t nat -A unregistered -j REJECT

The DNAT has to be done in the prerouting chain under the prerouting table to work. Cursed lazy fingers neglecting to type that, and completely forgetting the --to-destination & capital v/s small "n/j"... ;)

--Danny, who *did* warn that typos were likely...
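
The slips listed in the message above (small -n for -N, capital -J for -j, DNAT outside the nat table, DNAT without --to-destination) can be caught before a ruleset is loaded. The script below is an added example, not part of Danny's post: lint_rule and its finding labels are hypothetical names, and the sample rules are taken from the post. Its last check goes beyond the post: the REJECT target is only accepted in the filter table.

```shell
#!/bin/sh
# Added example, not from the post. lint_rule and its finding labels are
# hypothetical names; the sample rules at the bottom are taken from the post.

lint_rule() {
    rule=$1
    table=filter        # iptables works on the filter table when -t is absent
    prev='' target='' to_dest=no findings=''
    set -f              # no globbing while the rule is split into words
    for word in $rule; do
        case $prev in
            -t)    table=$word ;;
            -j|-J) target=$word ;;
        esac
        case $word in
            -n) findings="$findings lowercase-n" ;;  # -n is numeric output; -N creates a chain
            -J) findings="$findings uppercase-J" ;;  # the jump option is lowercase -j
            --to-destination) to_dest=yes ;;
        esac
        prev=$word
    done
    set +f
    if [ "$target" = DNAT ]; then
        if [ "$table" != nat ]; then findings="$findings dnat-outside-nat"; fi
        if [ "$to_dest" != yes ]; then findings="$findings dnat-missing-to-destination"; fi
    fi
    # Beyond the post: the REJECT target is only accepted in the filter table.
    if [ "$target" = REJECT ] && [ "$table" != filter ]; then
        findings="$findings reject-outside-filter"
    fi
    echo "${findings# }"
}

# Lint each sample rule and print its findings in brackets, then the rule.
while IFS= read -r line; do
    printf '%-30s %s\n' "[$(lint_rule "$line")]" "$line"
done <<'EOF'
iptables -n oncampus
iptables -A unregistered -p tcp --dport 80 -J DNAT 10.1.1.1:8080
iptables -t nat -A unregistered -p tcp --dport 80 -j DNAT --to-destination 10.1.1.1:8080
iptables -t nat -A unregistered -j REJECT
EOF
```

An empty pair of brackets means the rule passed every check.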