I have a Linux box with two interfaces ...

eth0 (no IP address, in promiscuous mode) wired to a network switch port. The switch port is configured as a mirror (a.k.a. firehose).

eth1 (10.0.0.2) is a second interface to a monitoring application.

The goal is to take certain packets (identifiable by protocol and port) received on eth0 and send them out eth1 with DNAT 10.0.0.1 and SNAT 10.0.0.2.

So if the inbound packet arriving at eth0 looks like:

192.168.17.36 -> 172.16.20.3 | protocol UDP | port 6000 | DATA |

It should go out eth1 as:

10.0.0.2 -> 10.0.0.1 | protocol UDP | port 6000 | DATA |

I've tried every permutation of OVS, Routes, IPTABLES that I can think of. I can blindly loop ALL of the traffic for eth0 to eth1 with an OVS mirror without filtering or NAT, but that's not what I need. If I try plain iptables with FORWARD, PREROUTING, and POSTROUTING rules, no packets show up on eth1.

Is this solvable or a case of "existing technology will not support"?

Thanks,
-> Rob
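The header rewrite described in the post, as an added example that is not part of the original post: changing the addresses invalidates both the IPv4 header checksum and the UDP checksum (which covers the addresses through the pseudo-header), so both are recomputed. The function names, the source port 5000 and the sample packet are constructed for illustration.

```python
import socket
import struct

# Constructed sample: 192.168.17.36 -> 172.16.20.3, UDP 5000 -> 6000, payload b"DATA"
SAMPLE = (struct.pack("!BBHHHBBH", 0x45, 0, 32, 0, 0, 64, 17, 0)
          + socket.inet_aton("192.168.17.36") + socket.inet_aton("172.16.20.3")
          + struct.pack("!HHHH", 5000, 6000, 12, 0) + b"DATA")


def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def rewrite(pkt: bytes, new_src: str, new_dst: str, port: int = 6000):
    """Return the IPv4/UDP packet with both addresses replaced, or None if no match."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 17 or len(pkt) < ihl + 8:  # protocol 17 = UDP
        return None
    if struct.unpack("!H", pkt[6:8])[0] & 0x3FFF:  # MF set or offset != 0: fragment
        return None
    sport, dport, ulen, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    if dport != port or ulen < 8 or ihl + ulen > len(pkt):
        return None
    src, dst = socket.inet_aton(new_src), socket.inet_aton(new_dst)
    # IPv4 header: zero the checksum field, swap the addresses, recompute.
    hdr = bytearray(pkt[:ihl])
    hdr[10:12] = b"\x00\x00"
    hdr[12:16], hdr[16:20] = src, dst
    hdr[10:12] = struct.pack("!H", csum(bytes(hdr)))
    # UDP: checksum is computed over pseudo-header (new addresses) + header + payload.
    payload = pkt[ihl + 8:ihl + ulen]
    udp = struct.pack("!HHHH", sport, dport, ulen, 0) + payload
    pseudo = src + dst + struct.pack("!BBH", 0, 17, ulen)
    check = csum(pseudo + udp) or 0xFFFF  # 0 means "no checksum", so send 0xFFFF
    return bytes(hdr) + udp[:6] + struct.pack("!H", check) + payload


if __name__ == "__main__":
    print(rewrite(SAMPLE, "10.0.0.2", "10.0.0.1").hex())
```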