broute
Layer2 Based NAT

 

broute.sh
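#!/bin/bash
#
# broute.sh - layer-2 (MAC) NAT for bridged VMs using the ebtables nat table.
#
# Frames leaving through eth0 get the host's MAC as source (snat); frames
# arriving on eth0 for a VM's IP get that VM's MAC as destination (dnat).
# Must run as root; ebtables will fail otherwise.
#
# Stop on the first failing command: the nat table is flushed before the rules
# are re-added, so continuing after an error would save (and later reload at
# boot) an incomplete ruleset.
set -euo pipefail

# Addresses as given in the original listing; replace with your host's values.
readonly ETH0MAC=11:11:11:11:11:11

readonly VM1IP=2.2.2.2
readonly VM1MAC=22:22:22:FF:FF:FF
# shellcheck disable=SC2034  # kept for reference, not used by the rules below
readonly VNET0MAC=22:22:22:00:00:00

readonly VM2IP=3.3.3.3
readonly VM2MAC=33:33:33:FF:FF:FF
# shellcheck disable=SC2034  # kept for reference, not used by the rules below
readonly VNET1MAC=33:33:33:00:00:00

# File the nat table is saved to and reloaded from at boot. Whoever can write
# this file controls the bridge NAT rules after the next reboot, so it should
# be owned by root and not writable by anyone else.
readonly ATOMIC_FILE=/etc/network/ebtables-atomic

readonly SEPARATOR='-----------------------------'

#br0 Link encap:Ethernet HWaddr 11:11:11:11:11:11
#eth0 Link encap:Ethernet HWaddr 11:11:11:11:11:11
#vnet0 Link encap:Ethernet HWaddr 22:22:22:22:22:22
#vnet1 Link encap:Ethernet HWaddr 33:33:33:33:33:33

# Earlier broute-table variant, left disabled by the author.
#ebtables -t broute -A BROUTING -p ipv4 -i vnet0 --ip-dst 2.2.2.2 -j DROP
#ebtables -t broute -A BROUTING -p arp -i vnet0 -d fe:54:00:27:37:b1 -j DROP
#ebtables -t broute -A BROUTING -p arp -i vnet0 --arp-ip-dst 2.2.2.2 -j DROP

#ebtables -t broute -A BROUTING -p ipv4 -i vnet1 --ip-dst 3.3.3.3 -j DROP
#ebtables -t broute -A BROUTING -p arp -i vnet1 -d fe:54:00:64:25:88 -j DROP
#ebtables -t broute -A BROUTING -p arp -i vnet1 --arp-ip-dst 3.3.3.3 -j DROP

#######################################
# Add the two PREROUTING dnat rules (IPv4 and ARP) for one VM.
# Arguments: $1 - VM IP address, $2 - VM MAC address
# Returns:   non-zero if ebtables rejects a rule
#######################################
add_dnat_rules() {
  local -r vm_ip=$1
  local -r vm_mac=$2

  ebtables -t nat -A PREROUTING -p IPv4 -i eth0 --ip-dst "$vm_ip" \
    -j dnat --to-dst "$vm_mac" --dnat-target ACCEPT
  ebtables -t nat -A PREROUTING -p ARP -i eth0 --arp-ip-dst "$vm_ip" \
    -j dnat --to-dst "$vm_mac" --dnat-target ACCEPT
}

printf '%s\n' "$SEPARATOR"
printf '%s\n' "Flushing EB nat Table"
# NOTE: between this flush and the last insert below the nat table is empty or
# partial, so VM traffic is briefly not translated.
ebtables -t nat -F

printf '%s\n' "$SEPARATOR"

printf '%s\n' "Inserting Rules"
# --snat-arp also rewrites the sender hardware address inside ARP payloads, so
# the upstream network only ever sees the host MAC.
ebtables -t nat -A POSTROUTING -o eth0 -j snat --to-src "$ETH0MAC" \
  --snat-arp --snat-target ACCEPT

add_dnat_rules "$VM1IP" "$VM1MAC"
add_dnat_rules "$VM2IP" "$VM2MAC"

printf '%s\n' "$SEPARATOR"

printf '%s\n' "Saving Atomic file for reload at boot"
EBTABLES_ATOMIC_FILE="$ATOMIC_FILE" ebtables -t nat --atomic-save
#reload on boot in /etc/rc.local
#EBTABLES_ATOMIC_FILE=/etc/network/ebtables-atomic ebtables -t nat --atomic-commit

printf '%s\n' "$SEPARATOR"
printf '%s\n' "Showing nat Table"
printf '%s\n' "$SEPARATOR"
ebtables -t nat -L
printf '%s\n' "$SEPARATOR"
printf '\n'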