redirect without nat?

is it possible?

I searched and tried ebtables w/o any luck so far.

I have a bridge over a 3 port junction.
I want to redirect a packet incoming from eth0 to eth2
without changing it's mac address.

i.e. even if this packet would normaly be redirected to eth1, I want
it to leave the bridge throuh eth2.

can I do it w/o writing/changing code?

On Wed, 21 Jul 2004 00:12:46 -0700, Shahar wrote:

> is it possible?
>
> I searched and tried ebtables w/o any luck so far.
>
> I have a bridge over a 3 port junction.
> I want to redirect a packet incoming from eth0 to eth2
> without changing it's mac address.
>
> i.e. even if this packet would normaly be redirected to eth1, I want
> it to leave the bridge throuh eth2.
>
> can I do it w/o writing/changing code?

man route

I'm not an expert in weird/complicated routing, but I have setup my own
gateway connections, etc. How do you currently have your routing setup?
The route command allows you to specify an optional dev (i.e. interface).

--
Juhan Leemet
Logicognosis, Inc.

(E-Mail Removed) (Shahar) said:
>is it possible?
>
>I searched and tried ebtables w/o any luck so far.
>
>I have a bridge over a 3 port junction.
>I want to redirect a packet incoming from eth0 to eth2
>without changing it's mac address.

MAC? Source or destination? Both? Anyway, doesn't sound likely -- the
MAC address is specific to a network segment, and thus should be set
to the new value each time a packet traverses from one segment to another.

Could you describe in more detail (and in a larger context) what it is
that you're doing?
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)

Juha Laiho <(E-Mail Removed)> wrote in message news:<cdmb95$ggd$(E-Mail Removed)-int>...
> (E-Mail Removed) (Shahar) said:
> >is it possible?
> >
> >I searched and tried ebtables w/o any luck so far.
> >
> >I have a bridge over a 3 port junction.
> >I want to redirect a packet incoming from eth0 to eth2
> >without changing it's mac address.
>
> MAC? Source or destination? Both? Anyway, doesn't sound likely -- the
> MAC address is specific to a network segment, and thus should be set
> to the new value each time a packet traverses from one segment to another.
>
> Could you describe in more detail (and in a larger context) what it is
> that you're doing?

dnat.

i have a linux box with 3 nics.

nic1 connected to a router
nic2 connected to box2 (10.0.0.2)
nic3 connected to box3 (10.0.0.50)

I want to push all(well...) packet incoming from nic1
to nic2 with the original mac address(i.e. no DNAT) so they will arrive
to box2's nic card.

ebtables dnat the packet...
and writing/manipulating kernel is not an option at the moment.

On Wed, 21 Jul 2004 23:17:47 -0700, Shahar wrote:
> Juha Laiho <(E-Mail Removed)> wrote in message news:<cdmb95$ggd$(E-Mail Removed)-int>...
>> (E-Mail Removed) (Shahar) said:
>> >is it possible?
>> >
>> >I searched and tried ebtables w/o any luck so far.
>> >
>> >I have a bridge over a 3 port junction.
>> >I want to redirect a packet incoming from eth0 to eth2
>> >without changing it's mac address.
>>
>> MAC? Source or destination? Both? Anyway, doesn't sound likely -- the
>> MAC address is specific to a network segment, and thus should be set
>> to the new value each time a packet traverses from one segment to another.
>>
>> Could you describe in more detail (and in a larger context) what it is
>> that you're doing?
>
> dnat.
>
> i have a linux box with 3 nics.
>
> nic1 connected to a router
> nic2 connected to box2 (10.0.0.2)
> nic3 connected to box3 (10.0.0.50)
>
> I want to push all(well...) packet incoming from nic1
> to nic2 with the original mac address(i.e. no DNAT) so they will arrive
> to box2's nic card.
>
> ebtables dnat the packet...
> and writing/manipulating kernel is not an option at the moment.

Check out some of the posts to/from "Captain Beefheart". He seems to be
doing something simliar to you, and I believe has arrived at exactly this
point: doing routing, without doing (d)nat. My understanding (but I don't
currently use it) is that if you don't run iptables, there is no (d)nat?
The routing is just done "straight up" meaning your local addresses go out
the other side without being munged to look like they're from one IP.

BTW, I'm not clear what you're trying to do? Diagnostics? If you're just
trying to diagnose something why don't you use tcpdump or something, and
put your interface into promiscuous mode. It almost looks like you're
trying to setup to do "man in the middle address spoofing" or a "hijack"?

The reason the other poster asked what you were trying to do, was to try
to determine what you were really trying to do and why. Sometimes people
get fixated on mechanisms and get embroiled in technical complexities when
what they really want is easily obtainable by some other simpler means.

You still haven't explained what your application is... or why...

--
Juhan Leemet
Logicognosis, Inc.

Juhan Leemet <(E-Mail Removed)> wrote in message news:<pan.2004.07.22.22.08.36.488268@logicognosis. com>...
> On Wed, 21 Jul 2004 23:17:47 -0700, Shahar wrote:
> > Juha Laiho <(E-Mail Removed)> wrote in message news:<cdmb95$ggd$(E-Mail Removed)-int>...
> >> (E-Mail Removed) (Shahar) said:
> >> >is it possible?
> >> >
> >> >I searched and tried ebtables w/o any luck so far.
> >> >
> >> >I have a bridge over a 3 port junction.
> >> >I want to redirect a packet incoming from eth0 to eth2
> >> >without changing it's mac address.
> >>
> >> MAC? Source or destination? Both? Anyway, doesn't sound likely -- the
> >> MAC address is specific to a network segment, and thus should be set
> >> to the new value each time a packet traverses from one segment to another.
> >>
> >> Could you describe in more detail (and in a larger context) what it is
> >> that you're doing?
> >
> > dnat.
> >
> > i have a linux box with 3 nics.
> >
> > nic1 connected to a router
> > nic2 connected to box2 (10.0.0.2)
> > nic3 connected to box3 (10.0.0.50)
> >
> > I want to push all(well...) packet incoming from nic1
> > to nic2 with the original mac address(i.e. no DNAT) so they will arrive
> > to box2's nic card.
> >
> > ebtables dnat the packet...
> > and writing/manipulating kernel is not an option at the moment.
>
> Check out some of the posts to/from "Captain Beefheart". He seems to be
> doing something simliar to you, and I believe has arrived at exactly this
> point: doing routing, without doing (d)nat. My understanding (but I don't
> currently use it) is that if you don't run iptables, there is no (d)nat?
oh, but the packet incoming from NIC1 is "addressed" to, say, nic3. I
want it out from NIC2.
> The routing is just done "straight up" meaning your local addresses go out
> the other side without being munged to look like they're from one IP.
>
> BTW, I'm not clear what you're trying to do? Diagnostics? If you're just
> trying to diagnose something why don't you use tcpdump or something, and
> put your interface into promiscuous mode. It almost looks like you're
> trying to setup to do "man in the middle address spoofing" or a "hijack"?
>
> The reason the other poster asked what you were trying to do, was to try
> to determine what you were really trying to do and why. Sometimes people
> get fixated on mechanisms and get embroiled in technical complexities when
> what they really want is easily obtainable by some other simpler means.
>
> You still haven't explained what your application is... or why...

My application needs to run on a box not on the "main" wire.
so I do want to "hijack" certain packets by rediredt them(using a 3
ports bridge) to a box on the side.

thabnks again