MAC address SNAT

I am trying to find a way of doing virtual MAC addresses under Linux,
and it occurred to me that it could be done with netfilter based on the
following pieces of the puzzle:

1. a way of responding to arp requests with the new MAC address
(arptables to mangle the MAC address in the arp response)
2. a way of accepting packets with the different MAC address (promisc
mode on the interface)
3. a way of SNAT-ing the MAC address in outgoing packets (the missing
piece)

In fact, #3 almost wouldn't be required if hosts on the network didn't
mind ip packets coming at them with a different MAC address to what
was in their arp tables.

Unfortunately the device I'm trying to talk to uses the source MAC
address on the arp-reply packet, not the MAC address in the packet
itself. Clearly my device is broken, but I'm stuck with it.

I originally thought ebtables might be able to do what I want, but I'm
not using a bridge and it can't SNAT OUTPUT packets anyway.

Could a SNAT MAC address target be written for iptables, or does
iptables 'finish' too early in the packet traversal for the MAC address
to be decided on yet?

Suggestions?

Thanks

James
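An added example, not part of the original post: an ARP reply carries the sender's MAC twice, once as the Ethernet source and once as the sender hardware address in the ARP payload, and this parser shows both fields and which one a peer ends up caching. All addresses are constructed, and the assumption is that step 1 rewrites only the ARP payload field while the Ethernet header keeps the NIC's real address.

```python
import struct

ETH_P_ARP, ARP_REPLY = 0x0806, 2

def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def _raw(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def build_arp_reply(eth_src, arp_sha, spa, eth_dst, tpa) -> bytes:
    """Build an Ethernet/IPv4 ARP reply; eth_src and arp_sha are set independently."""
    ip = lambda s: bytes(int(p) for p in s.split("."))
    eth = struct.pack("!6s6sH", _raw(eth_dst), _raw(eth_src), ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REPLY,
                      _raw(arp_sha), ip(spa), _raw(eth_dst), ip(tpa))
    return eth + arp

def parse_arp(frame: bytes) -> dict:
    """Extract both MAC 'sources' from an Ethernet/IPv4 ARP frame."""
    if len(frame) < 42:
        raise ValueError("too short for Ethernet + ARP")
    _dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    sha, spa, _tha, _tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "eth_src": _mac(src), "arp_sha": _mac(sha),
            "arp_spa": ".".join(map(str, spa)), "consistent": src == sha}

def learned_mac(frame: bytes, trust_eth_src: bool) -> str:
    """MAC a peer caches: from the frame header (the device in the post) or the ARP payload."""
    f = parse_arp(frame)
    return f["eth_src"] if trust_eth_src else f["arp_sha"]

# Constructed sample addresses (locally administered MACs, documentation IPs).
REAL, VIRT, PEER = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:02"
# Payload-only rewrite: the Ethernet header still carries the real NIC address.
PAYLOAD_ONLY = build_arp_reply(REAL, VIRT, "192.0.2.10", PEER, "192.0.2.20")
# Header and payload both rewritten: what a MAC SNAT on output would produce.
BOTH = build_arp_reply(VIRT, VIRT, "192.0.2.10", PEER, "192.0.2.20")

if __name__ == "__main__":
    for name, frame in (("payload-only", PAYLOAD_ONLY), ("both", BOTH)):
        print(name, parse_arp(frame), "peer caches:", learned_mac(frame, True))
```

The same `consistent` flag is what a monitoring host can check on captured ARP replies: a mismatch between the two fields means the payload was rewritten without the frame header.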



