[Wlug] iptables use of --mac-source
John Stoffel
john at stoffel.org
Sat Sep 2 15:45:25 EDT 2006
Frank> On Fri, Sep 01, 2006 at 10:40:25AM -0400, John Stoffel wrote:
>> This will only work if you have a bridged network, once you have a
>> switch in the way, the MAC address will change. This is because
Frank> Nope - a switch is logically identical to a bridge with more
Frank> than two ports. A packet forwarded by a router will have the
Frank> router's MAC address because the router has to generate a new
Frank> ethernet frame with the same ethernet payload as the original
Frank> packet, while a switch will blindly forward the packet to
Frank> wherever its FDB tells it to.
Details details... don't confuse me with facts! *grin* You're right
of course.
>> For network switches, each port has its own MAC address. Basically,
Frank> Only if the switch supports spanning tree, and only for
Frank> spanning tree - those per-port MACs aren't used for anything
Frank> else.
Yup, that's the details I mis-remembered. Then again, who pays
attention to this stuff any more? *grin*
John