[tproxy] MAC and VLAN transparency

Cameron Schaus cam at schaus.ca
Mon Jul 16 23:41:47 CEST 2007


On Sun, Jul 15, 2007 at 06:01:24PM +0200, Jan Engelhardt wrote:
> ebtables -t nat -A POSTROUTING -m <some_condition>
> 	-j snat --to-source <orig_mac>
> 
> Simple :)
> (you'd still need arpreply, and something like connmark, so that you can
> properly figure out orig_mac). This is not so much of a tproxy job IMO.

That is the effect I want to achieve.  But these rules need to be
enacted dynamically as each client connects to the proxy.  I had hoped
to leverage the connection tracking that tproxy was doing in order to
ensure the ebtables nat rules had the same lifetime as the associated
TCP connection.

And, as Balazs suggests, I also need to grab the orig_mac from the
client connection to use when setting up such a rule.

Cam

