MAC-Address based routing

Posted by d-fens on Server Fault
Published on 2012-11-28T16:11:57Z

Here is what I want to do:

I have a bunch of systems, some of which might have the same public IP; I disable ARP. I have a firewall (either IP layer or bridge firewall) between these systems and the internet. Depending on the destination port of incoming IP packets to some of these public IPs, I want to set the destination Ethernet address. So for instance:

System A has IP 8.8.8.8, MAC de:ad:be:ef:de:ad, ARP disabled

System B has IP 8.8.8.8, MAC 1f:1f:1f:1f:1f:1f, ARP disabled

Firewall has IP 8.8.8.1, ARP disabled on that interface

  1. Incoming packet to IP 8.8.8.8 tcp dest port 100
  2. Incoming packet to IP 8.8.8.8 tcp dest port 101

Firewall sets dest-mac for 1.) -> de:ad:be:ef:de:ad

Firewall sets dest-mac for 2.) -> 1f:1f:1f:1f:1f:1f

Second scenario:

System A and System B establish outgoing TCP connections, and the firewall matches the dst-mac of the incoming IP packets (response packets) to the sender's MAC address.

Is this possible in any way with Linux and iptables?

Edit: I read that ebtables might "work" in a hackish way for this purpose, but I am not sure...
