Re: new target - ebtables dynamic snat, kernel and userspace patch


 



In case you manipulate the data in the connection, such as in a tproxy scenario (squid etc.), a new connection goes out (with the same tuple) but the MAC address is different (the source MAC is the device interface).

assuming A,B,C are mac address and 1,2,3 are ip address

[user]<--->[transparent bridge]<--->[server]
  A1                B2                 C3

user initiates a connection A1--->C3
the connection is redirected into B2, the connection is terminated as a socket to a local application on the transparent bridge machine.

a new connection goes out from B2, masked as B1--->C3 (the target changes B1 into A1) in return, the server answers A1 C3--->A1, the connection is redirected into the localhost
the data is then forwarded to the user B3--->A1 (the target changes B3 into C3)

Shai Tahar
Storwize

Jan Engelhardt wrote:
On Thursday 2009-09-24 09:43, Shai Tahar wrote:

---- README ---
ebt_dyn_snat - ebtable dynamic snat
   Authors:
     Shai Tahar <shai.tahar@xxxxxxxxxxxx>

   Changes source mac address according to source ip address based on local arp table
   to be used when source ip address is snated

Copyright (C) 2009 Storwize

ebtables target for transparent bridge
[user]<--->[transparent bridge]<--->[server]

if the transparent bridge masks user ip address towards the server,
the bridge normally would replace the source mac address

Well, if you want to have the client's original MAC address in the
packet, do not SNAT it. It (seems) as simple as that.
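
The source-MAC rewrite discussed in this thread, as an added userspace sketch in C; it is not code from the post or from the ebt_dyn_snat patch. The reduced `struct frame`, the names `dyn_snat` and `mk_frame`, and the 02:.. / 192.0.2.x addresses standing in for A, B, C and 1, 2, 3 are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_ALEN 6
/* Constructed addresses standing in for the post's MACs A, B, C and IPs 1, 2, 3. */
static const uint8_t MAC_A[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x0a}; /* user   */
static const uint8_t MAC_B[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x0b}; /* bridge */
static const uint8_t MAC_C[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x0c}; /* server */
#define IP_1 0xc0000201u /* 192.0.2.1, user   */
#define IP_2 0xc0000202u /* 192.0.2.2, bridge */
#define IP_3 0xc0000203u /* 192.0.2.3, server */

/* Hypothetical reduced frame: only the fields the rewrite looks at. */
struct frame { uint8_t smac[ETH_ALEN], dmac[ETH_ALEN]; uint32_t sip, dip; };

/* Constructed ARP table of the bridge: it knows its two neighbours, not itself. */
static const struct { uint32_t ip; const uint8_t *mac; } arp_table[] = {
    { IP_1, MAC_A }, { IP_3, MAC_C },
};

/* Set the source MAC to the ARP entry for the source IP.
 * Returns 1 if rewritten, 0 if there is no entry (frame left untouched). */
int dyn_snat(struct frame *f)
{
    for (size_t i = 0; i < sizeof(arp_table) / sizeof(arp_table[0]); i++) {
        if (arp_table[i].ip == f->sip) {
            memcpy(f->smac, arp_table[i].mac, ETH_ALEN);
            return 1;
        }
    }
    return 0; /* no entry: do not guess a MAC */
}

struct frame mk_frame(const uint8_t *smac, uint32_t sip, const uint8_t *dmac, uint32_t dip)
{
    struct frame f = { .sip = sip, .dip = dip };
    memcpy(f.smac, smac, ETH_ALEN);
    memcpy(f.dmac, dmac, ETH_ALEN);
    return f;
}

int main(void)
{
    struct frame out  = mk_frame(MAC_B, IP_1, MAC_C, IP_3); /* B1 -> C3 */
    struct frame back = mk_frame(MAC_B, IP_3, MAC_A, IP_1); /* B3 -> A1 */
    int n = dyn_snat(&out) + dyn_snat(&back);
    printf("%d rewritten: smac %02x (server side), %02x (user side)\n", n, out.smac[5], back.smac[5]);
    return 0;
}
```

A frame whose source IP has no ARP entry, such as one carrying the bridge's own address 2, keeps the bridge MAC B.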
