Re: masquerade mac address


 



On Mon, 3 Oct 2005, HouCheng Lee wrote:

> My problem is that my NAT is behind a firewall (controlled by the SA), and the firewall will check the MAC address of outgoing packets. The eth0 of the NAT is the only legal card that is allowed to go outside.

Any packet going via a Linux router is automatically given the source MAC of the interface the packet leaves the Linux router on. This happens even if you do not NAT the traffic.

> Because the NAT only changes the source IP address of packets,
> the machines behind NAT are not allowed to go outside
> because of the lack of a legal MAC address.

The MAC is changed. Most likely the ISP is looking into something else as well, such as the TTL of the packet (some are known to do this to prevent the use of "broadband routers" to connect multiple computers).

If all you need is to provide web access then the easiest solution is probably to run a proxy such as Squid.

Regards
Henrik
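
Added example, not part of the original message: a small Python model of what the reply describes. A forwarded frame leaves with the egress interface's source MAC whether or not NAT is applied, and its TTL drops by one, which is the kind of signal an upstream device can check. All MAC/IP values and function names here are constructed for illustration.

```python
import struct

# Constructed sample addresses (locally administered MACs, private/documentation IPs).
HOST_MAC, LAN_MAC = bytes.fromhex("02aaaaaaaa01"), bytes.fromhex("020000000001")
ETH0_MAC, FW_MAC = bytes.fromhex("020000000002"), bytes.fromhex("02ffffffff01")
HOST_IP, ETH0_IP, DST_IP = bytes([192, 168, 1, 10]), bytes([10, 0, 0, 2]), bytes([198, 51, 100, 7])

def ipv4_checksum(header):
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl):
    """Ethernet II header + 20-byte IPv4 header, no payload."""
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0, src_ip, dst_ip))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    return dst_mac + src_mac + b"\x08\x00" + bytes(ip)

def forward(frame, egress_mac, next_hop_mac, snat_ip=None):
    """Model of routing: fresh L2 header, TTL - 1; SNAT (optional) only rewrites the IP source."""
    ip = bytearray(frame[14:34])
    if ip[8] <= 1:
        return None                       # TTL expired: packet is dropped
    ip[8] -= 1
    if snat_ip is not None:
        ip[12:16] = snat_ip
    ip[10:12] = b"\x00\x00"               # zero the checksum field before recomputing
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))
    return next_hop_mac + egress_mac + frame[12:14] + bytes(ip) + frame[34:]

def hops_behind(frame, initial_ttls=(64, 128, 255)):
    """Upstream heuristic: how far the observed TTL sits below a common initial TTL."""
    ttl = frame[22]
    return min(i - ttl for i in initial_ttls if i >= ttl)

if __name__ == "__main__":
    from_host = build_frame(LAN_MAC, HOST_MAC, HOST_IP, DST_IP, ttl=64)
    for label, snat in (("routed only", None), ("routed + SNAT", ETH0_IP)):
        out = forward(from_host, ETH0_MAC, FW_MAC, snat)
        print(label, "src MAC", out[6:12].hex(":"), "TTL", out[22],
              "hops behind", hops_behind(out))
```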

