Re: MAC and gateways

On Feb 20, 9:24 am, "nsa....@xxxxxxxxx" <nsa....@xxxxxxxxx> wrote:
Hi,

I have a problem regarding preservation of MAC addresses in packets
when they cross gateways.
My question is basically if it is possible to preserve the MAC address
somehow as the packet cross the gateway.

In general, no, it is not possible to preserve the original MAC
address in such a configuration.

If you rebuild your network such that the source and destination are
on the same network segment (say, using a VPN or a Point-to-point
link) or you change your application to carry the MAC address as part
of the data payload, you should be able to do what you intend.

[snip]
I am designing a special system, where I need to authenticate the
Client based on the MAC address and the IP of the Client (so only to
let the packet thru at the server if MAC and IP matches an entry in a
table). But if the MAC address changes then this is a problem
obviously.

OK, so you've designed your authentication in such a manner that you
will have to make some compromises with either your network design or
your application design.

MAC addresses are only usable (in terms of the on-the-wire packet) on
the local network segment. In that context, they are used by each node
on the network segment to determine physical routing. Such addressing
is unnecessary and unavailable outside of the lan segment; the role of
the gateway is to move data packets from one segment to another, and
this means that it rebuilds the network packet (including MAC address)
for each packet so moved.

So, to get your packets to carry the original MAC address, you are
either going to have to circumvent the gateway by putting the target
system on the same lan segment as the source system (by a point-to-
point link or a VPN of some sort), or you are going to have to carry
the original MAC address as data.

Sorry
--
Lew



.

Relevant Pages

  • RE: Transfer a sending packet to upper TCP/IP protocol layer in IM
    ... In such case he has no option, other than dealing with MAC addresses, and, ... The proper way to do this is to add your IPv4 header, ... IPv4 header will be larger than the MTU. ... After prepending IPv4 header and UDP header to the original IPv6 packet, ...
    (microsoft.public.development.device.drivers)
  • Re: Ip forwarding
    ... Packets that are meant to be forwarded by a router must be sent to its MAC address on the link. ... The gateway column optionnally contains the address of the next hop router if the destination is not directly reachable on the network attached to the output interface. ... In both cases the packet is sent on the link to the next hop MAC address. ...
    (comp.os.linux.networking)
  • [Tool] - Nat Probe
    ... and detect all the host that allow it. ... When we use a Gateway, we send the packets with IP dest of the target, ... but the dest mac on the ethernet is the mac at the Gateway. ... If we send a packet to the diferents macs in the lan, ...
    (Pen-Test)
  • RE: Transfer a sending packet to upper TCP/IP protocol layer in IM
    ... This is a reasonable solution if the OP wants to avoid dealing with MAC ... IPv4 header will be larger than the MTU. ... After prepending IPv4 header and UDP header to the original IPv6 packet, ...
    (microsoft.public.development.device.drivers)
  • Linksys WET11 crashes when sent an ethernet frame from its own MAC address
    ... Product: Linksys WET11 ... Linksys WET11 crashes when sent an ethernet frame from its own MAC address ... Packet Analysis (This is really unrelated to the problem, ...
    (Bugtraq)