andi- has quit [Remote host closed the connection]
andi- has joined #nixos-on-your-router
stites[m]1 has joined #nixos-on-your-router
<betawaffle>
andi-: is HAT a thing (hardware address translation)? translating mac addresses going in and out of a port
<andi->
I am certain some ASIC is capable of doing that but no idea where I'd reach for that or what for :D
<andi->
I know what you need it for tho..
<betawaffle>
i don't *need* it, but it'd be nice to have packets coming out of the att router modified so they don't confuse my router (which has to spoof that mac)
<andi->
you could probably get some FPGA and program that
<betawaffle>
i bet i could do it in nftables ingress
<betawaffle>
basically, i only allow the 802.1x auth traffic, and that's it
<betawaffle>
then i have the lan port hooked up to my regular lan-side switch, and use that for getting to the management interface
<betawaffle>
(that has a different mac address, so no issues)
<andi->
ok, and which issues are you trying to solve now?
<betawaffle>
i'd like to make the att router _think_ it's connected to the internet. not that important, though
<andi->
well can't you do IP forwarding for that device?
<andi->
and wouldn't that be sufficient?
<andi->
it is probably trying to talk to the "wrong" mac?
<betawaffle>
well, if i let the traffic out unmodified, my router will see the mac address it's spoofing and think that traffic is for it
<betawaffle>
same with the public ip
<andi->
mhm
<andi->
should be able to rewrite this in some chain
<andi->
you'll have to add the mac to the interface and then do modifications in the raw chain or something like that
<andi->
map all the packets from the ONT to some address and source nat it when you leave the real interface
<betawaffle>
i think i'm gonna ignore this for now and go back to getting my dhcp server configured
<betawaffle>
so, here's the other weird bit
<betawaffle>
i've got the lan port on the att router hooked up to one of my switches. untagged packets go to vlan 2, and i've got tagged packets for vlan 3 on that port too
<betawaffle>
the vlan 2 part works fine, and those come out with a :20 mac
<betawaffle>
but the vlan 3 one comes out with a :22 mac, and it's actually trying to DHCP from me
<betawaffle>
but my replies are ignored, or rejected. also, why would it be using vlan 3, instead of some other vlan?
<betawaffle>
is my switch translating tagged traffic (for some other vlan) to vlan 3 for me somehow?
<andi->
I guess that depends on the switch?
<betawaffle>
i need to figure out how to capture some traffic from that port
<andi->
what switch is it?
<andi->
Maybe it has some kind of monitor mode
<betawaffle>
it's a ubiquiti edgeswitch 24 lite
<andi->
Another alternative is a passive ethernet tap but those only do 10/100 Mbit
<andi->
(which should be sufficient)
<betawaffle>
i can do port mirroring
<betawaffle>
OHHH
<betawaffle>
i configured a mac-based vlan, that's why
<betawaffle>
so i guess this is traffic that's untagged, but uses a different mac address
sorki has joined #nixos-on-your-router
sorki has quit [Remote host closed the connection]
sorki has joined #nixos-on-your-router
sorki has quit [Remote host closed the connection]
sorki has joined #nixos-on-your-router
sorki has quit [Remote host closed the connection]
sorki has joined #nixos-on-your-router
maljub01 has quit [Quit: Ping timeout (120 seconds)]