Outgoing MAC on WAN interface

fischerman · May 6, 2018, 2:33pm

I have the following setup:

WAN eth0: static ip1 mac1
WAN peth0: static ip2 mac2
LAN eth1: internal network

I use the two WAN IPs to do destination NAT, that is, I forward traffic to different internal hosts depending on the WAN IP. Recently my ISP (Hetzner) enforced that the MAC of outgoing packets must match the source IP. With the current configuration all outgoing packets have mac1. Here is a tcpdump of a ping:

12:42:55.466661 gw > mac2, ethertype IPv4 (0x0800), length 98: client > ip2: ICMP echo request, id 12151, seq 29, length 64
12:42:55.466753 mac1 > gw, ethertype IPv4 (0x0800), length 98: ip2 > client: ICMP echo reply, id 12151, seq 29, length 64

How can I make the MAC match the outgoing IP?

Although I don’t need WAN load balancing I set it up to try the sticky-connections feature. No change.

Here is a simplified configuration:

interfaces {
  ethernet eth0 {
    address ip1
    mac mac1
  }
  pseudo-ethernet peth0 {
    address ip2
    link eth0
    mac mac2
    mode private
  }
  ethernet eth1 {
    address 10.1.1.254/24
  }
}
wan {
 interface-health eth0 {
     nexthop gw1
 }
 interface-health peth0 {
     nexthop gw2
 }
 rule 10 {
     inbound-interface eth1
     interface eth0 {
     }
     interface peth0 {
     }
 }
 sticky-connections {
 }
}
nat {
  destination {
    rule 10 {
      destination {
       address ip1
      }
      inbound-interface eth0
      ...
    }
  }
}

Vyos Version: VyOS 1.1.8

fischerman · May 24, 2018, 1:39pm

Does someone have an idea what I could try?

fischerman · May 26, 2018, 8:23am

Turns out that the sticky-connections setting actually works
Only ping doesn’t work because it’s not NATed

system · September 29, 2019, 10:50am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.