How to make iptables DNAT work with macvlan

linux iptables

I'm stuck with an AT&T gateway that doesn't understand a MAC can have more than 1 IP address. So I'm using macvlan on linux to add ports with different mac addresses.

This seem to work for local connections to the macvlan ports. But, when I try and DNAT them into a private DMZ the packets seem to disappear. I have ip_forwarding turned on and other outgoing packet forwarding is working.

I've used tcpdump and trace in iptables to no avail. The DNAT rule fires, then the packets never emerge anywhere.

I'm running Centos 6.3.


I finally solved this. Turns out all the wacky network shenanigans caused by trying to forward macvlan traffic tripped up the kernel reverse path filter causing it to drop the packets. I had to set rp_filter = 0 for any interface the traffic traversed.

Related

Changing the I/O scheduler for a specific disk
How to determine the cause of stuck `D` status processes?
Batch configure HP ILO from laptop
Nginx: How to limit request rate based on user agent
SSH multiplex timeout configuration
DEB: "Provides:" field ignored
mysql master-slave setup with synchronous replication
How to corrupt an ext3 partition so that it will undergo fsck to fix automatically at boot? [closed]
NFSv4 Symbolic link under virtual root
Apache kerberos authentication to Active Directory not happening. (Is KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN related?)
Fibre Optic Cabling - Where to start?
Central Authentication For Windows, Linux, Network Devices