From: Florian Westphal <fw@strlen.de>
To: Ludvig Sandh <givdul11@hotmail.se>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Re: Packets lost in netfilter & Altering outgoing packet's mac address
Date: Thu, 18 Aug 2022 19:49:52 +0200
Message-ID: <20220818174952.GB32331@breakpoint.cc>
In-Reply-To: <DB4P191MB2213EA897B746F3E2DA9FA54BD689@DB4P191MB2213.EURP191.PROD.OUTLOOK.COM>
Ludvig Sandh <givdul11@hotmail.se> wrote:
> For changing the source address of outgoing packets I’ve tried explicitly setting it with
> ’nft add rule ip filter postrouting ip saddr set 192.168.10.132 ether saddr set 54:af:97:87:eb:b9’
Won't work because at this point there either is no ethernet header yet
or you're changing the ethernet header of the incoming/forwarded packet.
> chain input {
> type filter hook input priority filter; policy accept;
> ip saddr 216.58.207.206 ip daddr 192.168.10.203 ether daddr 7c:c2:c6:35:82:08 counter packets 1 bytes 168
> # Shows that the google packet reached the input chain with altered addresses!
> }
> }
> table ip filter {
> chain prerouting {
> type filter hook prerouting priority filter; policy accept;
> counter packets 0 bytes 0
Wild guess: IP stack discards packet as foreign. Try 'meta set pkttype
set unicast' in the bridge rule that rewrites the dst mac.
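
The suggestion above written out as a bridge-family ruleset, as an added example that is not part of the original message. The table and chain names, the hook priority and the `ip saddr` match are assumptions (the poster's actual bridge rule is not shown in the quoted text); the addresses are the ones quoted in the thread.

```nft
# Constructed example: names, priority and match are assumptions.
table bridge filter {
    chain prerouting {
        type filter hook prerouting priority dstnat; policy accept;

        # Rewrite only. The frame now carries the new destination MAC, but
        # the packet type recorded when the frame was received is unchanged.
        # If it was classified as addressed to another host, the IP receive
        # path drops it before the ip-family prerouting hook runs, which
        # would match the zero counter in the ip prerouting chain above.
        # ip saddr 216.58.207.206 ether daddr set 7c:c2:c6:35:82:08

        # Rewrite and also mark the packet as addressed to this host, so the
        # IP stack accepts it. "unicast" is the nft pkttype keyword for
        # packets destined to the local host.
        ip saddr 216.58.207.206 ether daddr set 7c:c2:c6:35:82:08 meta pkttype set unicast counter
    }
}
```

Load it with `nft -f <file>` and compare the `counter` here with the counter in the `ip filter prerouting` chain to see whether the packet now reaches the IP hooks.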