From: Grant Taylor <gtaylor@riverviewtech.net>
To: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: MAC Address masking/NAT
Date: Fri, 17 Oct 2008 12:15:03 -0500
Message-ID: <48F8C817.1090407@riverviewtech.net>
In-Reply-To: <1460c7de0810162313t28b5cd7ete6dda27e534ae55d@mail.gmail.com>

On 10/17/08 01:13, Timothy Toole wrote:
> What I'd like to do is use iptables or ebtables to.... change the MAC
> address of Host B as packets traverse the bridge. Host A will only see
> the "changed" MAC address, not the actual one of Host B.
>
> Here's a lame ascii art diagram:
>
>            ____________________
>           |                    |
>           |        br0         |
>           |                    |
>           |  eth0.1    eth0.2  |
>           |__/______________\__|
>             /                \
>            /                  \  <--- Translate MAC to
>           /                    \      11:11:11:22:22:22
>          /                      \
>         /                        \
>     ___|___                    ___|___
>    |       |                  |       |
>    |   A   |                  |   B   |
>    |_______|                  |_______|
> MAC: 00:11:22:33:44:55    MAC:55:44:33:22:11:00
>
> Can this be done? Also, if I don't know the MAC address of either
> host, can a rule be written as a "catch-all" to change any MAC that's
> plugged in?

Yes, this can. I think you will be doing most of this work in EBTables
rather than IPTables. (IPTables can be made to work with ethernet
frames, but it is nicer to use EBTables, which does it directly. Proper
tool for the job and all.)

You can easily use EBTables to (S)NAT the frame's ethernet MAC address.

As far as the catch-all rule, you would have to use rules to act on the
/known/ systems and then another "catch all" rule to act on /unknown/
systems.

If you need more help, just ask. Though the EBTables mailing list might
be a more appropriate and better place to get more help.

> Many Thanks.

*nod*

Grant. . . .
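
The known-host rules followed by a catch-all, as described in the reply above, sketched as an added example (not part of the original message or of the ebtables project). The function name snat_rules, the REAL=MASK argument format and the catch-all MAC 02:00:00:00:00:01 are assumptions made for illustration; the interface name and the other MAC addresses are the ones from the diagram.

```shell
#!/bin/sh
# Added example: print (not apply) ebtables NAT rules that mask host MACs
# on a bridge port. Rule order matters: known hosts first, catch-all last.

# True if $1 looks like a 6-byte colon-separated MAC address.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# snat_rules OUT_IF CATCHALL_MAC [REAL=MASK ...]   (hypothetical helper)
# OUT_IF is the bridge port facing the host that must only see masked MACs.
snat_rules() {
    out_if=$1; catchall=$2; shift 2
    is_mac "$catchall" || { echo "bad MAC: $catchall" >&2; return 1; }
    for pair in "$@"; do
        real=${pair%%=*}; mask=${pair#*=}
        is_mac "$real" && is_mac "$mask" || { echo "bad pair: $pair" >&2; return 1; }
        # Known host: rewrite the source MAC (and the ARP sender MAC) on
        # frames leaving the bridge toward OUT_IF.
        echo "ebtables -t nat -A POSTROUTING -o $out_if -s $real -j snat --to-src $mask --snat-arp --snat-target ACCEPT"
        # Reverse path: frames arriving on OUT_IF for the masked MAC get
        # the real destination MAC back so the host accepts them.
        echo "ebtables -t nat -A PREROUTING -i $out_if -d $mask -j dnat --to-dst $real --dnat-target ACCEPT"
    done
    # Catch-all for unknown hosts. It has no reverse mapping: replies sent
    # to the catch-all MAC are not rewritten back to any real MAC.
    echo "ebtables -t nat -A POSTROUTING -o $out_if -j snat --to-src $catchall --snat-arp --snat-target ACCEPT"
}

# Values from the diagram: Host B's real MAC, masked as seen by Host A on
# eth0.1. The catch-all MAC is a constructed locally administered address.
# Note 11:11:11:22:22:22 has the group (multicast) bit set; a deployed
# mask should use a unicast address (even first octet).
snat_rules eth0.1 02:00:00:00:00:01 55:44:33:22:11:00=11:11:11:22:22:22
```

Review the printed rules, then run them as root on the bridge host; "ebtables -t nat -L --Lc" shows per-rule counters to confirm which rule is matching.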