avoid ip forward replaces the source MAC address

John Mahoney jmahoney at waav.com
Wed Feb 2 14:26:02 EST 2011


On Tue, Feb 1, 2011 at 2:39 PM, John Mahoney <jmahoney at waav.com> wrote:
> On Tue, Feb 1, 2011 at 2:27 PM, Elvis Yoan Tamayo Mollares
> <etmoyares at grm.uci.cu> wrote:
>> hi list, during ip forwarding process, the kernel replace the source MAC
>> address of the package it received with my own MAC address.. My question
>> is: Is there any way to avoid this behavior?
>
> That is what routing does at the ip layer.  You may be able to
> accomplish this by bridging the two ports together so that the traffic
> is handled at layer 2.

As a side note, looking at the iptables target:
 -m mac --mac-source XX:XX:XX:XX:XX:XX [1]

and the kernel code for that module (net/netfilter/xt_mac.c) it
appears that the src MAC address is saved in the sk_buff and is still
accessible in the PREROUTING, INPUT, and FORWARD chains via
eth_hdr(skb)->h_source.

I do not know if that helps.  I guess my point is my first answer was
the logical one, but it may be possible if you think outside the box.

--
John

[1]http://www.faqs.org/docs/iptables/matches.html#TABLE.MACMATCH



More information about the Kernelnewbies mailing list