{"id":44,"date":"2017-12-19T18:22:06","date_gmt":"2017-12-19T18:22:06","guid":{"rendered":"https:\/\/hegars83.wordpress.com\/?p=44"},"modified":"2018-06-14T16:57:18","modified_gmt":"2018-06-14T16:57:18","slug":"network-brouting","status":"publish","type":"post","link":"https:\/\/blog.hegars.com\/?p=44","title":{"rendered":"EBTABLES"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-45\" src=\"http:\/\/blog.hegars.com\/wp-content\/uploads\/2017\/12\/broute-1.png\" alt=\"broute\" width=\"1174\" height=\"666\" srcset=\"https:\/\/blog.hegars.com\/wp-content\/uploads\/2017\/12\/broute-1.png 1174w, https:\/\/blog.hegars.com\/wp-content\/uploads\/2017\/12\/broute-1-300x170.png 300w, https:\/\/blog.hegars.com\/wp-content\/uploads\/2017\/12\/broute-1-768x436.png 768w, https:\/\/blog.hegars.com\/wp-content\/uploads\/2017\/12\/broute-1-1024x581.png 1024w\" sizes=\"(max-width: 1174px) 100vw, 1174px\" \/><br \/>\nLayer2 Based NAT<\/p>\n<p>&nbsp;<\/p>\n<p>broute.sh<br \/>\n#\/bin\/bash<\/p>\n<p>ETH0MAC=11:11:11:11:11:11<\/p>\n<p>VM1IP=2.2.2.2<br \/>\nVM1MAC=22:22:22:FF:FF:FF<br \/>\nVNET0MAC=22:22:22:00:00:00<\/p>\n<p>VM2IP=3.3.3.3<br \/>\nVM2MAC=33:33:33:FF:FF:FF<br \/>\nVNET1MAC=33:33:33:00:00:00<\/p>\n<p>#br0 Link encap:Ethernet HWaddr 11:11:11:11:11:11<br \/>\n#eth0 Link encap:Ethernet HWaddr 11:11:11:11:11:11<br \/>\n#vnet0 Link encap:Ethernet HWaddr 22:22:22:22:22:22<br \/>\n#vnet1 Link encap:Ethernet HWaddr 33:33:33:33:33:33<\/p>\n<p>#ebtables -t broute -A BROUTING -p ipv4 -i vnet0 &#8211;ip-dst 2.2.2.2 -j DROP<br \/>\n#ebtables -t broute -A BROUTING -p arp -i vnet0 -d fe:54:00:27:37:b1 -j DROP<br \/>\n#ebtables -t broute -A BROUTING -p arp -i vnet0 &#8211;arp-ip-dst 2.2.2.2 -j DROP<\/p>\n<p>#ebtables -t broute -A BROUTING -p ipv4 -i vnet1 &#8211;ip-dst 3.3.3.3 -j DROP<br \/>\n#ebtables -t broute -A BROUTING -p arp -i vnet1 -d fe:54:00:64:25:88 -j DROP<br \/>\n#ebtables -t broute -A BROUTING -p arp -i vnet1 &#8211;arp-ip-dst 3.3.3.3 -j DROP<\/p>\n<p>echo &#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;&#8221;<br \/>\necho &#8220;Flushing EB nat Table&#8221;<br \/>\nebtables -t nat -F<\/p>\n<p>echo &#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;&#8221;<\/p>\n<p>echo &#8220;Inserting Rules&#8221;<br \/>\nebtables -t nat -A POSTROUTING -o eth0 -j snat &#8211;to-src $ETH0MAC &#8211;snat-arp &#8211;snat-target ACCEPT<\/p>\n<p>ebtables -t nat -A PREROUTING -p IPv4 -i eth0 &#8211;ip-dst $VM1IP -j dnat &#8211;to-dst $VM1MAC &#8211;dnat-target ACCEPT<br \/>\nebtables -t nat -A PREROUTING -p ARP -i eth0 &#8211;arp-ip-dst $VM1IP -j dnat &#8211;to-dst $VM1MAC &#8211;dnat-target ACCEPT<\/p>\n<p>ebtables -t nat -A PREROUTING -p IPv4 -i eth0 &#8211;ip-dst $VM2IP -j dnat &#8211;to-dst $VM2MAC &#8211;dnat-target ACCEPT<br \/>\nebtables -t nat -A PREROUTING -p ARP -i eth0 &#8211;arp-ip-dst $VM2IP -j dnat &#8211;to-dst $VM2MAC &#8211;dnat-target ACCEPT<\/p>\n<p>echo &#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;&#8221;<\/p>\n<p>echo &#8220;Saving Atomic file for reload at boot&#8221;<br \/>\nEBTABLES_ATOMIC_FILE=\/etc\/network\/ebtables-atomic ebtables -t nat &#8211;atomic-save<br \/>\n#reload on boot in \/etc\/rc.local<br \/>\n#EBTABLES_ATOMIC_FILE=\/etc\/network\/ebtables-atomic ebtables -t nat &#8211;atomic-commit<\/p>\n<p>echo &#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;&#8221;<br \/>\necho &#8220;Showing nat Table&#8221;<br \/>\necho &#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;&#8221;<br \/>\nebtables -t nat -L<br \/>\necho &#8220;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;&#8221;<br \/>\necho &#8220;&#8221;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Layer2 Based NAT &nbsp; broute.sh #\/bin\/bash ETH0MAC=11:11:11:11:11:11 VM1IP=2.2.2.2 VM1MAC=22:22:22:FF:FF:FF VNET0MAC=22:22:22:00:00:00 VM2IP=3.3.3.3 VM2MAC=33:33:33:FF:FF:FF VNET1MAC=33:33:33:00:00:00 #br0 Link encap:Ethernet HWaddr 11:11:11:11:11:11 #eth0 Link encap:Ethernet HWaddr 11:11:11:11:11:11 #vnet0 Link encap:Ethernet HWaddr 22:22:22:22:22:22 #vnet1 Link encap:Ethernet HWaddr 33:33:33:33:33:33 #ebtables -t broute -A BROUTING -p ipv4 -i vnet0 &#8211;ip-dst 2.2.2.2 -j DROP #ebtables -t broute -A BROUTING -p arp -i vnet0 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[6,2],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts\/44"}],"collection":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=44"}],"version-history":[{"count":2,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts\/44\/revisions"}],"predecessor-version":[{"id":187,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts\/44\/revisions\/187"}],"wp:attachment":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=44"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=44"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=44"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}