How do I port forward all devices except for a few?

wafles · June 28, 2022, 6:03am

nice, now I have two working ways to do it. Which one is better is preference because both do the same thing and are just written differently. This is helpful for people looking for an answer to this question or trying to learn iptables

I think I'll put both on my config file and comment out the one I won't use (just in case I change my mind)

pavelgl:

Create a file named maclist in the /root directory and insert the mac addresses of the devices you want to exclude from the redirection rule (one mac address per line)
11:22:33:44:55:66
AA:BB:CC:DD:EE:FF
Insert the following into /etc/firewall.user
maclist="/root/maclist"

while IFS= read -r macaddress
do
iptables -t nat -A prerouting_rule -m mac --mac-source "$macaddress" -j ACCEPT
done < "$maclist"

Disable or remove tcp intercept for method below
then add this to /etc/firewall.user

trendy:

iptables -t nat -N wdevs
iptables -t nat -A prerouting_lan_rule -p tcp --syn -m addrtype ! --dst-type LOCAL,BROADCAST -j wdevs
iptables -t nat -A wdevs -m mac --mac-source 2c:f6:e8:f3:b6:ee -j ACCEPT
iptables -t nat -A wdevs -m mac --mac-source c4:cb:eb:29:32:c6 -j ACCEPT
iptables -t nat -A wdevs -m mac --mac-source e0:a5:d3:d4:37:9b -j ACCEPT
iptables -t nat -A wdevs -p tcp -j REDIRECT --to-ports 9040

system · July 8, 2022, 6:04am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.