[CentOS] iptables: forwarding on internal device

Tue Feb 10 20:36:42 UTC 2009
John <jses27 at gmail.com>

> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Marcus Moeller
> Sent: Tuesday, February 10, 2009 2:49 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] iptables: forwarding on internal device

> 
> I have defined a route to LAN2 over a gateway in LAN1 (same network
> segment) and all machines in LAN2 have the CORE-ROUTER
> defined as default gw which itself got a last resort to the 
> LINUX_ROUTER.
> 
> > Only other thing you can do is start from scratch. Save all 
> your rules and
> > add them one at a time. If you can't have it off the 
> network reduce the
> > rules to a bare minimum. Are the switches configured correct?
> 
> I wonder if netfilter just drops a package if it's response comes from
> a different MAC address.
----
Sure it Could Happen

IF, you have 3 routers between your source and destination
machines. Your destination machine will see the MAC address of
the third-on-the-way router, not your original machine. This make sense to
you?
In other words every time a packet hits a new ip it is changed along with
the MAC.
MAC Spoofing Kinda.

But I would not think that netfilter JUST DROPS it for the heck of it.

JohnStanley