Bridge or Router? Which one would solve MAC limitation?


    I have a stupid ISP that offers multiple IPv4 addresses in a /29 but I highly suspect their cable modem only recognizes up to two unique MAC addresses. If I try to connect a third device I randomly lose connectivity to at least one of the three.

    To work around this I thought about setting up a Zeroshell bridge. My ZS installations are all virtual machines using emulated Intel E1000 NICs, so my first attempt had three NICs:

    ETH00: Management interface
    ETH01: Internet-facing
    ETH02: Sandbox
    BRIDGE01: Comprises ETH01 and ETH02

    Disregard QoS for the moment, or at least assume defaults for it so packets can get passed between ETH01 and ETH02 unaffected.

    I might be unclear on the concept, but I thought I would be able to connect a device (or another VM) to the sandbox switch at ETH02 and then be able to ping the default gateway connected to the same switch as ETH01 from it. I cannot. And if I assign BRIDGE01 one of the public IPs, I can ping it from a device on the internet-facing switch but not on the sandbox switch. I made sure I could ping any IP attached to ETH01 or ETH02 from their respective side before creating the bridge.

    If bridging isn’t the answer, I could instead assign all five of my available IPv4 addresses to an internet-facing interface, and then NAT / PAT five different private networks behind them. This would assign all five IPs to a single MAC address. The question then becomes, how do I translate one specific IPv4 public address to one specific private network? I’d like to turn that into something like this:

    ETH00: Management Network
    ETH01: Internet (w.x.y.26-30/29) Gateway: w.x.y.25
    ETH02 through 06: Private networks (192.168.xx.0/24)

    This is all virtualized, so you can assume I don’t have six physical switches or such. I do have one VLAN-capable switch and my ESXi server has virtual switches mapped to each VLAN; that much works as intended.


    I believe you could do something like translating more private networks to specific public IP addresses: don’t set any NAT via the GUI, but in the Scripts/Cron >> NAT and Virtual Servers script add, e.g.

    iptables -t nat -A POSTROUTING  -o ETH01 -s    -j SNAT --to-source w.x.y.26
    iptables -t nat -A POSTROUTING -o ETH01 -s -j SNAT --to-source w.x.y.27
    iptables -t nat -A POSTROUTING -o ETH01 -s -j SNAT --to-source w.x.y.28

    But maybe I’ve missed something…


    I’d have to agree, redfive, as the existing NAT GUI is pretty simplistic and I already have to do this if I want to permit NAT hairpinning, that is, permit internal access to internal servers via their external IPv4 addresses.

    So I could do this using routing instead of bridging that way.
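The 1:1 mapping redfive sketches above and the hairpin case the last post mentions, as one added dry-run shell example. This is not code from the thread or from Zeroshell; the 203.0.113.0/29 addresses (documentation space standing in for w.x.y.24/29), the 192.168.x.0/24 networks, the host and port, and the function names one_to_one and publish are all constructed. By default it only prints the rules it would run; set IPT="iptables" to apply them from the NAT and Virtual Servers script hook.

```shell
#!/bin/sh
# Added example: map each public address of a /29 to one private network
# behind a single WAN MAC, plus a published service reachable from the LAN
# via its public address (hairpin NAT). Dry-run unless IPT is overridden.
IPT="${IPT:-echo iptables}"   # "echo iptables" prints rules instead of applying
WAN_IF="${WAN_IF:-ETH01}"     # interface name as used in the thread

# one_to_one PUBLIC_IP PRIVATE_NET
# Everything leaving PRIVATE_NET towards the WAN is sourced from PUBLIC_IP,
# so all five public addresses share the gateway's one MAC on ETH01.
one_to_one() {
    pub="$1"; net="$2"
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$net" -j SNAT --to-source "$pub"
}

# publish PUBLIC_IP PROTO PORT PRIVATE_HOST PRIVATE_NET LAN_IF
# Forward one port of PUBLIC_IP to an internal host (DNAT) and, for clients on
# the same LAN that use the public address, rewrite the source on the way
# back out of LAN_IF so the reply returns through the gateway (hairpin).
# The FORWARD chain must separately permit the traffic (Zeroshell firewall).
publish() {
    pub="$1"; proto="$2"; port="$3"; host="$4"; net="$5"; lan="$6"
    $IPT -t nat -A PREROUTING -d "$pub" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$host"
    $IPT -t nat -A POSTROUTING -o "$lan" -s "$net" -d "$host" -p "$proto" --dport "$port" \
        -j MASQUERADE
}

# Constructed sample layout: three of the five usable addresses, one /24 each.
main() {
    one_to_one 203.0.113.26 192.168.11.0/24
    one_to_one 203.0.113.27 192.168.12.0/24
    one_to_one 203.0.113.28 192.168.13.0/24
    # HTTPS server inside the first network, published on its public address
    publish 203.0.113.26 tcp 443 192.168.11.10 192.168.11.0/24 ETH02
}
main
```

The hairpin MASQUERADE is restricted to the LAN's own source network so Internet clients hitting the published port keep their real source address in the server's logs; only LAN clients going round through the public IP lose it.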
