Re: Packets lost in netfilter & Altering outgoing packet's mac address

Ludvig Sandh <givdul11@xxxxxxxxxx> wrote:
> For changing the source address of outgoing packets I've tried explicitly setting it with
> 'nft add rule ip filter postrouting ip saddr set 192.168.10.132 ether saddr set 54:af:97:87:eb:b9'

Won't work because at this point there either is no ethernet header yet
or you're changing the ethernet header of the incoming/forwarded packet.

> 	chain input {
> 		type filter hook input priority filter; policy accept;
> 		ip saddr 216.58.207.206 ip daddr 192.168.10.203 ether daddr 7c:c2:c6:35:82:08 counter packets 1 bytes 168
> 		# Shows that the google packet reached the input chain with altered addresses!
> 	}
> }
> table ip filter {
> 	chain prerouting {
> 		type filter hook prerouting priority filter; policy accept;
> 		counter packets 0 bytes 0

Wild guess: IP stack discards packet as foreign.  Try 'meta set pkttype
set unicast' in the bridge rule that rewrites the dst mac.


