On Fri, October 17, 2008 21:52, Timothy Toole wrote: > I've tried the following two rules (independently): > # ebtables -t nat -A POSTROUTING -j snat --to-src 11:11:11:22:22:22 --snat-arp > and > # ebtables -t nat -A POSTROUTING -j snat --to-src 11:11:11:22:22:22 --snat-arp -s 55:44:33:22:11:00 > > The result is that the traffic destined to Host A has the "new/faked" MAC address, but the return traffic back to Host B still has the faked address (and thus is ignored by the host). > > Does a corresponding DNAT rule need to be made in the PREROUTING nat chain? Hum... Let me think about this / look through notes / get more sleep (currently 3 hours in the last 36) and get back with you. However in my current sleep deprived state, you may indeed have to DNAT traffic. > Whoops. The ebtables project page states to post questions to the netfilter list (http://ebtables.sourceforge.net/contact.html) *Whaa???* That's news to me. I've been an active subscribed member to the EBTables list (answering questions like a good little Tux) for three or more years and I had absolutely no idea that the mailing lists were deprecated. That explains the lack of traffic of late and why messages like yours have appeared here on the IPTables mailing list. > Thanks again. *nod* More sleep and I'll try to give a better answer. Grant. . . . -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
