Re: MAC Address masking/NAT

I think I found the solution (at least it works in my case). Not sure
why I couldn't figure this out earlier, it's actually quite simple.
Any packet with a source MAC address that we want to change needs a
rule, and any packet destined to our fake MAC address needs another
rule.

Starting again with the network diagram:
             ____________________
            |                    |
            |        br0         |
            |                    |
            | eth0.1      eth0.2 |
            |__/______________\__|
              /                \
             /                  \ <--- Translate MAC to
            /                    \     11:11:11:22:22:22
           /                      \
          /                        \
      ___|___                    ___|___
     |       |                  |       |
     |   A   |                  |   B   |
     |_______|                  |_______|
MAC: 00:11:22:33:44:55      MAC:55:44:33:22:11:00

We need to add two rules. The first rule will change the [real] source
MAC address to the new/faked MAC address.
# ebtables -t nat -A POSTROUTING -j snat -s 55:44:33:22:11:00 --to-src 11:11:11:22:22:22 --snat-arp

The second rule will change any of the faked MAC addresses back into
the real one.
# ebtables -t nat -A PREROUTING -j dnat -d 11:11:11:22:22:22 --to-destination 55:44:33:22:11:00

Thanks to all that responded with help.

-tim
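
Added example (not part of the original post, and not ebtables code): a Python model of what the two rules above do to an ARP frame crossing the bridge. It shows why --snat-arp matters: without it, the sender hardware field inside B's ARP reply still carries B's real MAC. The IP addresses and all function names are constructed for illustration.

```python
import struct

REAL_B = "55:44:33:22:11:00"   # host B's real MAC (from the post)
FAKE_B = "11:11:11:22:22:22"   # MAC that host A should see (from the post)
HOST_A = "00:11:22:33:44:55"   # host A's MAC (from the post)
ETH_ARP = 0x0806               # EtherType for ARP

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def arp_frame(dst, src, op, sha, spa, tha, tpa):
    """Build a constructed Ethernet + ARP (IPv4 over Ethernet) sample frame."""
    eth = mac(dst) + mac(src) + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sha) + bytes(spa) + mac(tha) + bytes(tpa)

def snat(frame, match_src, to_src, snat_arp=True):
    """Model of the POSTROUTING rule: -s match_src -j snat --to-src to_src."""
    if frame[6:12] != mac(match_src):
        return frame                              # rule does not match
    out = bytearray(frame)
    out[6:12] = mac(to_src)                       # Ethernet source address
    is_arp = struct.unpack("!H", frame[12:14])[0] == ETH_ARP
    if snat_arp and is_arp and frame[18] == 6:    # ARP hardware length is 6
        out[22:28] = mac(to_src)                  # ARP sender hardware address
    return bytes(out)

def dnat(frame, match_dst, to_dst):
    """Model of the PREROUTING rule: -d match_dst -j dnat --to-destination."""
    if frame[0:6] != mac(match_dst):
        return frame
    return mac(to_dst) + frame[6:]                # Ethernet destination only

def fields(frame):
    h = lambda b: b.hex(":")
    return {"dst": h(frame[0:6]), "src": h(frame[6:12]), "arp_sha": h(frame[22:28])}

def demo():
    # B answers A's ARP request (constructed addresses 10.0.0.1 / 10.0.0.2).
    reply = arp_frame(HOST_A, REAL_B, 2, REAL_B, [10, 0, 0, 2], HOST_A, [10, 0, 0, 1])
    masked = fields(snat(reply, REAL_B, FAKE_B))                 # with --snat-arp
    leaky = fields(snat(reply, REAL_B, FAKE_B, snat_arp=False))  # without it
    # A later sends a frame to the fake MAC; dnat restores B's real MAC.
    to_b = arp_frame(FAKE_B, HOST_A, 1, HOST_A, [10, 0, 0, 1], FAKE_B, [10, 0, 0, 2])
    restored = fields(dnat(to_b, FAKE_B, REAL_B))
    return masked, leaky, restored

if __name__ == "__main__":
    for name, result in zip(("masked", "leaky", "restored"), demo()):
        print(name, result)
```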