Paolo Lucente пишет:
On Sun, May 22, 2005 at 11:29:19PM +0300, Dmitriy Sirant wrote:
There ASCII picture of mine network:
Clients Clients
| |
eth1, eth1:0 eth2, eth2:0
| |
---------- ---------- ----------
|server 1|--eth0-------eth2--|server 2|--eth1-------eth0--|server 3|
| AS 2 | | AS 2 | | AS 2 |
| pmacct | | pmacct | | |
---------- ---------- ----------
| |
eth3 eth0
| |
AS 1 AS 1
| |
Internet Internet
If a Client packet reaches 'server 2' transiting through 'server 1', then
it will contain a source IP of the Client and a source MAC address of the
eth0 card of 'server 1' (the vice-versa is also true: a packet going to a
Client and transiting through 'server 1' and 'server 2', once arrived on
'server 1' will have a destination IP of the Client and a source MAC address
of eth2 card of 'server 2'). Said this all, the problem can be easily solved
by using the 'pcap_filter' directive.
On 'server 2', for example, you may add a filter like the following one
(maybe it will need to be slightly modified in order to work corectly):
'pcap_filter: net <Clients network> and not ether src <eth0 MAC address>'
Thanks, don't know that source mac changed when come throw server. Now
will try.
Thanks.
