From owner-freebsd-questions@freebsd.org Mon Oct 28 23:57:43 2019 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 6499416084A for ; Mon, 28 Oct 2019 23:57:43 +0000 (UTC) (envelope-from nathan@robertsonfamily.id.au) Received: from mail-ot1-x332.google.com (mail-ot1-x332.google.com [IPv6:2607:f8b0:4864:20::332]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 472BVF6xQmz4fPw for ; Mon, 28 Oct 2019 23:57:41 +0000 (UTC) (envelope-from nathan@robertsonfamily.id.au) Received: by mail-ot1-x332.google.com with SMTP id m19so8267764otp.1 for ; Mon, 28 Oct 2019 16:57:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=robertsonfamily-id-au.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=mSB6FdqP0NmKJpOekrGjWgQPqNlZ7xmHGvvH4uoAaJ8=; b=rGR1w2CAanUfUR7mI83kp2R97ADp6SwnYbwl6rfk3/pYmYgX8tO35uVIwHKkE3/J08 IQ6bhLKCE0jo1HwdSMyQvvhU56QXhDANqr4AuH/IiGMxqHLReqF+7Dfp+Jgmyt8HJNtg aVLOXYnGxdSICdzKpMh/uU7dyCpU/F7AfLKHv+TmtsnzJnwBvoCh5LXfVVjIB+cPDhlP t9leBh71NBLLbnD7n1vy74bH3P/ljHn7XLyUKAo+jzXM0LUQx5hQzVuNlxJve+gKUhJn cGngeJ1wafFAnjtUK9po5VS3Si5u9m2fmuaMLPavVl3ioCPPHw3E0sm6pewR5Bxk0t8C VqHw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=mSB6FdqP0NmKJpOekrGjWgQPqNlZ7xmHGvvH4uoAaJ8=; b=ZRUamvLzxEUBaCCjahlt2367MnHRyNiV5XqaNLOo/XPwuMWCPtjI8Ab+1pKI+f/t15 FWONGu1hLLR2TnwlGPL6h0X84befa4I3V/EYK5NQlVZiNaAtTmGV71mzPkpvYoj7N9wU On/mZ/m45t8uykJqFx1Thp9D9CkqVywURcGAMMwKhHUm9TFrDg0s0D877AJDywU40ovb u8+f1cExjOT5SNgbiIlvuWlD9Uiq7EKFF9o+F724+zQkuec/5wTIHlj5xgq0uiXbxOo+ JlYVKJqAlkYB0UF1TTjMaMGQB2Koi8zNWJxU3w8uRPXxCgndLC3TWMhCBFmBeV9zgQPw Dkqw== X-Gm-Message-State: APjAAAW3uUaaPR4b1kvlx3n+m990BQ09iZlsMTcxWZTymX3h7xk1jSBu TeG0mFlvPdpbAEvabYUsN+UefwoBzUz9KsTsDiq+tCMEBi5VuQ== X-Google-Smtp-Source: APXvYqwcu0vRqgRMvrlGFNX1HV1lIqKgCloQ1wy3RP09RSBKZpVeWUdS0T3IBPhgagEcObnZEraqujqnqAHNlsr7lt0= X-Received: by 2002:a9d:6084:: with SMTP id m4mr15799152otj.18.1572307060174; Mon, 28 Oct 2019 16:57:40 -0700 (PDT) MIME-Version: 1.0 From: Nathan Robertson Date: Tue, 29 Oct 2019 10:57:28 +1100 Message-ID: Subject: Masquerading MAC addresses To: freebsd-questions@freebsd.org X-Rspamd-Queue-Id: 472BVF6xQmz4fPw X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=robertsonfamily-id-au.20150623.gappssmtp.com header.s=20150623 header.b=rGR1w2CA; dmarc=none; spf=none (mx1.freebsd.org: domain of nathan@robertsonfamily.id.au has no SPF policy when checking 2607:f8b0:4864:20::332) smtp.mailfrom=nathan@robertsonfamily.id.au X-Spamd-Result: default: False [-3.89 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[robertsonfamily-id-au.20150623.gappssmtp.com:s=20150623]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; TO_DN_NONE(0.00)[]; URI_COUNT_ODD(1.00)[3]; RCPT_COUNT_ONE(0.00)[1]; DMARC_NA(0.00)[robertsonfamily.id.au]; DKIM_TRACE(0.00)[robertsonfamily-id-au.20150623.gappssmtp.com:+]; RCVD_IN_DNSWL_NONE(0.00)[2.3.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; R_SPF_NA(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~]; IP_SCORE(-2.59)[ip: (-8.47), ipnet: 2607:f8b0::/32(-2.40), asn: 15169(-2.05), country: US(-0.05)]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Oct 2019 23:57:43 -0000 Hi, I have an interesting issue that I'm hoping that somebody might be able to point me in the right direction on. Even just a pointer or two, or where to go ask. I've got a situation where my VPS provider is packet filtering my traffic based on MAC address, and as a result are dropping my jail traffic (as FreeBSD bridges traffic from the jail to the network using the jail's MAC address). I need a way to essentially masquerade the MAC address for outbound traffic on the host interface to get past the VPS vendors firewall. Basically, I need vnet jails with IP addresses to use the host adapters MAC address for outbound connections (think of it as masquerading / NAT of MAC addresses). On Linux, it looks like ebtables can do it (MAC NAT - https://ebtables.netfilter.org/documentation/features.html). I can see ipfw supports packet filtering based on MAC address, but I can't find anything on packet mangling. Any idea of where I should look or who I could ask about MAC NAT on FreeBSD? Thanks for any help provided. This one's really starting to do my head in. Nathan.