> Try adding static ARP entries to each device's MAC address using different
> (bogus) IPs. Then try communicating with the bogus IPs. You might get
> lucky and be able to communicate. It really depends on what is included in
> the higher layer protocol. (I've not dealt with enough SNMP to know if this
> is possible.)

Doesn't seem to work, even though I created the arp entry with:

  arp -s 10.2.0.1 00:11:22:33:44:55

To be honest I'm not surprised: how is the receiver of those datagrams supposed to know they are for itself, since the dstip doesn't match the IP of the local incoming interface?

> Check why replies do not get translated back. Use -j TRACE for them.

Good idea. I've added a:

  iptables -t raw -A PREROUTING -s 10.0.0.1 -j TRACE

which I can see getting matches. However, nothing is being logged in kern.log or anywhere else (even configuring syslog with a "*.*"). Am I forgetting something about the TRACE target?

--
Giacomo "mino" Bernardi