On Sun, May 22, 2005 at 11:29:19PM +0300, Dmitriy Sirant wrote: > There ASCII picture of mine network: > > > Clients Clients > | | > eth1, eth1:0 eth2, eth2:0 > | | > ---------- ---------- ---------- > |server 1|--eth0-------eth2--|server 2|--eth1-------eth0--|server 3| > | AS 2 | | AS 2 | | AS 2 | > | pmacct | | pmacct | | | > ---------- ---------- ---------- > | | > eth3 eth0 > | | > AS 1 AS 1 > | | > Internet Internet
If a Client packet reaches 'server 2' transiting through 'server 1', then it will contain a source IP of the Client and a source MAC address of the eth0 card of 'server 1' (the vice-versa is also true: a packet going to a Client and transiting through 'server 1' and 'server 2', once arrived on 'server 1' will have a destination IP of the Client and a source MAC address of eth2 card of 'server 2'). Said this all, the problem can be easily solved by using the 'pcap_filter' directive. On 'server 2', for example, you may add a filter like the following one (maybe it will need to be slightly modified in order to work corectly): 'pcap_filter: net <Clients network> and not ether src <eth0 MAC address>' Cheers, Paolo
