I want to redirect all port 80 traffic to my web server unless I have your MAC address, in which case you should be able to browse the Internet.

I use:

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to $web_ip:80

which works fine.

But how can I skip this redirection if I have your MAC?

I tried something like this:

iptables -t nat -A PREROUTING -m mac --mac-source xx:xx:xx:xx:xx:xx -j ACCEPT
(yes, this rule is above the redirect rule in the chain)

but it does not work completely.

To explain, the web server has a frame set up with 3 panels. When I use the MAC address to "get past", it tries to load, say, Google in one frame of my web site's web page, and fails.

So, it tries to go to Google with a combination of my site, which does not exist on Google, so I get a Google error 404 that URL/control.php was not found on this server. It gets to Google but the wrong way.

Does anyone know a way to not redirect if the MAC matches? To "skip" the redirect rule? Jumping to accept does not work.

These MACs will be added to the table dynamically daily, and not always the same ones.

Thanks for any help

kumado
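
One way to maintain the daily-changing MAC list described in the post, as an added example that is not part of the original post: the exemptions live in their own nat chain that is rebuilt from a validated list and consulted before the redirect. The chain name PORTAL_ALLOW, the one-MAC-per-line list format, and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: prints the iptables commands for a MAC allowlist placed in
# front of the port-80 redirect. Review the output, then pipe it to sh as root.
CHAIN=PORTAL_ALLOW   # hypothetical chain name (assumption)
LAN_IF=eth1          # interface from the original rule

# Accept only six colon-separated hex octets, so a malformed entry in the
# allowlist never reaches an iptables command line.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# stdin: one MAC per line (blank lines and # comments ignored); $1: web server IP
build_rules() {
    web_ip=$1
    match="-i $LAN_IF -p tcp --dport 80"
    # Create the chain on first use, otherwise empty it for the daily rebuild.
    echo "iptables -t nat -N $CHAIN 2>/dev/null || iptables -t nat -F $CHAIN"
    while IFS= read -r mac; do
        case $mac in ''|\#*) continue ;; esac
        if valid_mac "$mac"; then
            # ACCEPT ends nat PREROUTING traversal, so the DNAT rule is never reached.
            echo "iptables -t nat -A $CHAIN -m mac --mac-source $mac -j ACCEPT"
        else
            echo "skipping invalid entry: $mac" >&2
        fi
    done
    # Hook the chain in once, ahead of the redirect; -C tests whether a rule exists.
    echo "iptables -t nat -C PREROUTING $match -j $CHAIN 2>/dev/null ||" \
         "iptables -t nat -I PREROUTING 1 $match -j $CHAIN"
    echo "iptables -t nat -C PREROUTING $match -j DNAT --to-destination $web_ip:80 2>/dev/null ||" \
         "iptables -t nat -A PREROUTING $match -j DNAT --to-destination $web_ip:80"
}

# Constructed sample allowlist: two valid entries, a comment, one malformed line.
SAMPLE='00:11:22:33:44:55
# front desk laptop
aa:bb:cc:dd:ee:ff
00:11:22:33:44:55; reboot'
printf '%s\n' "$SAMPLE" | build_rules 192.0.2.10
```

The nat table is consulted only for the first packet of a connection, so connections a client already has open to the web server keep their redirect until they close. A source MAC is set by the client itself, so this rule exempts a device from the redirect but does not authenticate it.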