Re: SNAT using the same internal address multiple times

> A typical use case: consider all the downstream interfaces are veth
> interfaces into either a network container (separate namespaces) or
> bridge interfaces into a VM. Let's assume you want to number the
> ethernet interface in the container/VM with the same IP address (*)
> (10.0.1.1/24 in the above example) and the router will act both
> as default route and proxy ARP for things apparently on the same
> subnet. Assume the only requirement is for outbound connectivity
> through eth0.

OK, the problem here is to keep your interface MAC address when sending
a packet. You have the `bonding` driver to group interfaces but I don't
think it permits such a thing as it is more for load-balancing.

Maybe the team [1] driver can help here as you can script it.

[1] https://fedorahosted.org/libteam/

> There's no reason in theory (I think) why such a NAT should not
> work. Outbound packets get NATted to the IP of eth0 saving
> the inbound interface in the NAT table. Inbound packets are matched
> against the NAT table, have their destination rewritten to the
> original source address, and are routed directly out the interface
> from which the relevant inbound connection came, rather like a
> static interface route.
> 
> My question is does iptables support this?

As long as you give iptables the interface or the IP address, the NAT
should be OK. Your problem is to group the interfaces and keep the MAC
addresses.

> (*) = why on earth would I want to do this? Suppose you have a huge
> number of VMs which can live migrate between physical machines. Without
> this, IP addressing needs to be globally unique across all VMs
> across all physical machines. This is somewhat tedious.

But in any case, how would you set up your virtual machines as they need
an IP address?


Jimmy
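
A small model of the NAT table described in the quoted question, added here as an example; it is not code from either poster and not how netfilter itself is implemented. It shows two downstream interfaces using the same 10.0.1.1 address and the same source port, with the inbound interface stored so replies go back out the right one. The `Nat` class, `PUBLIC_IP` and the remote address are hypothetical, constructed values.

```python
"""Toy model of a NAT table that records the inbound interface (not netfilter code)."""
from dataclasses import dataclass, field

PUBLIC_IP = "192.0.2.10"  # constructed address standing in for eth0


@dataclass
class Nat:
    next_port: int = 40000
    # reply key (remote ip, remote port, public port) -> (in_iface, src ip, src port)
    table: dict = field(default_factory=dict)
    # (in_iface, src ip, src port, dst ip, dst port) -> public port already chosen
    forward: dict = field(default_factory=dict)

    def outbound(self, in_iface, src, sport, dst, dport):
        """Translate a packet leaving via eth0; return the rewritten 4-tuple."""
        key = (in_iface, src, sport, dst, dport)
        if key not in self.forward:
            # Keep the source port when possible. If another interface already
            # holds the same reply tuple, remap the port so replies stay unique.
            port = sport
            while (dst, dport, port) in self.table:
                port = self.next_port
                self.next_port += 1
            self.forward[key] = port
            self.table[(dst, dport, port)] = (in_iface, src, sport)
        return (PUBLIC_IP, self.forward[key], dst, dport)

    def inbound(self, src, sport, dport):
        """Reply arriving on eth0 for PUBLIC_IP:dport.

        Returns (out_iface, original ip, original port), or None if no
        mapping exists and the packet should be dropped.
        """
        return self.table.get((src, sport, dport))


def demo():
    """Two containers, same address and port, different veth interfaces."""
    nat = Nat()
    remote = "198.51.100.7"  # constructed remote server
    a = nat.outbound("veth0", "10.0.1.1", 5000, remote, 80)
    b = nat.outbound("veth1", "10.0.1.1", 5000, remote, 80)
    return a, b, nat.inbound(remote, 80, a[1]), nat.inbound(remote, 80, b[1])


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Without the interface in the forward key, the second flow would be treated as the same connection as the first and its replies would go to the wrong container.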

