Masquerading MAC addresses

Nathan Robertson nathan at
Mon Oct 28 23:57:43 UTC 2019


I have an interesting issue that I'm hoping that somebody might be able to
point me in the right direction on. Even just a pointer or two, or where to
go ask. I've got a situation where my VPS provider is packet filtering my
traffic based on MAC address, and as a result are dropping my jail traffic
(as FreeBSD bridges traffic from the jail to the network using the jail's
MAC address). I need a way to essentially masquerade the MAC address for
outbound traffic on the host interface to get past the VPS vendors firewall.

Basically, I need vnet jails with IP addresses to use the host adapters MAC
address for outbound connections (think of it as masquerading / NAT of MAC
addresses). On Linux, it looks like ebtables can do it (MAC NAT - I can see ipfw
supports packet filtering based on MAC address, but I can't find anything
on packet mangling.

Any idea of where I should look or who I could ask about MAC NAT on FreeBSD?

Thanks for any help provided. This one's really starting to do my head in.


More information about the freebsd-questions mailing list