Masquerading MAC addresses
Nathan Robertson
nathan at robertsonfamily.id.au
Tue Oct 29 01:40:39 UTC 2019
On Tue, 29 Oct 2019 at 12:06, MJ <mafsys1234 at gmail.com> wrote:
>
> On 29/10/2019 11:31 am, MJ wrote:
> >
> > On 29/10/2019 10:57 am, Nathan Robertson wrote:
> >> [...]
> >> Any idea of where I should look or who I could ask about MAC NAT on
> FreeBSD?
> >
> > Sounds like you need some sort of ARP proxy?
>
> Something went wrong.
>
> Anyway, if that's what you need, look at
> https://www.freshports.org/net-mgmt/choparp
>
I don't think proxy ARP is quite enough. It's possibly half the answer, as
it'll make ARP requests from servers on the VPS vendors network work ok,
and probably make inbound packets work ok (although possibly could confuse
the jail server), but when the jail sends an ethernet frame (which goes
over an ethernet bridge to the physical adapter, then out over the wire to
the network), the source MAC address will still be the jail one, not the
host one. The result is the VPS vendor will packet filter the outbound
ethernet frame.
The only way I can think of defeating this is SNAT / masquerade of the
ethernet frame. (I'm trying to avoid doing a TCP level port forward, as I'd
prefer the jail host to not have an IP address on this interface).
More information about the freebsd-questions
mailing list