Hi,
I have a problem with UDP packets (DNS queries). I'm testing in a simple configuration.
interface eth4 external, MAC address 00:1c:7f:32:04:21
corresponding external router interface, MAC Address c4:7d:4f:d6:55:e1
internal interface eth7, MAC address 00:1c:7f:32:04:1e
internal client IP Address xxx.xxx.xxx.107, MAC Address 00:0c:29:7f:e1:78
When I do a DNS query on 8.8.8.8 I see:
---------------------------------------------
> tcpdump -n -e -i eth7 host 8.8.8.8 and port 53 (INTERNAL INTERFACE)
10:09:34.756268 00:0c:29:7f:e1:78 > 00:1c:7f:32:04:1e, ethertype IPv4 (0x0800), length 70: xxx.xxx.xxx.107.40518 > 8.8.8.8.domain: 30244 [1au] NS? . (28)
---------------------------------------------
tcpdump -n -e -i eth4 host 8.8.8.8 and port 53 (EXTERNAL INTERFACE)
10:09:34.756527 00:1c:7f:32:04:21 > c4:7d:4f:d6:55:e1, ethertype IPv4 (0x0800), length 70: xxx.xxx.xxx.107.40518 > 8.8.8.8.domain: 30244 [1au] NS? . (28)
-------------------------------------------------
and everything is OK
Problems start with the answer:
---------------------------------------------
tcpdump -n -e -i eth4 host 8.8.8.8 and port 53 (EXTERNAL INTERFACE)
10:09:34.766040 c4:7d:4f:d6:55:e1 > 00:1c:7f:32:04:21, ethertype IPv4 (0x0800), length 567: 8.8.8.8.domain > xxx.xxx.xxx.107.40518: 30244$ 14/0/1 NS j.root-servers.net., NS k.root-servers.net., NS b.root-servers.net., NS i.root-servers.net., NS c.root-servers.net., NS g.root-servers.net., NS d.root-servers.net., NS e.root-servers.net., NS f.root-servers.net., NS h.root-servers.net., NS a.root-servers.net., NS m.root-servers.net., NS l.root-servers.net., RRSIG (525)
OK, it is external
----------------
BUT I SEE THE SAME MAC ADDRESS ON THE INTERNAL INTERFACE
> tcpdump -n -e -i eth7 host 8.8.8.8 and port 53 (INTERNAL INTERFACE)
10:09:34.766053 00:1c:7f:32:04:21 > c4:7d:4f:d6:55:e1, ethertype IPv4 (0x0800), length 567: 8.8.8.8.domain > xxx.xxx.xxx.107.40518: 30244$ 14/0/1 NS j.root-servers.net., NS k.root-servers.net., NS b.root-servers.net., NS i.root-servers.net., NS c.root-servers.net., NS g.root-servers.net., NS d.root-servers.net., NS e.root-servers.net., NS f.root-servers.net., NS h.root-servers.net., NS a.root-servers.net., NS m.root-servers.net., NS l.root-servers.net., RRSIG (525)
HERE THE MAC ADDRESSES ARE WRONG
then the internal client does a new request
10:09:39.756179 00:0c:29:7f:e1:78 > 00:1c:7f:32:04:1e, ethertype IPv4 (0x0800), length 70: xxx.xxx.xxx.107.52567 > 8.8.8.8.domain: 39751 [1au] NS? . (28)
and the MAC ADDRESSES in the answer are correct
10:09:39.766554 00:1c:7f:32:04:1e > 00:0c:29:7f:e1:78, ethertype IPv4 (0x0800), length 567: 8.8.8.8.domain > 80.86.52.107.52567: 39751$ 14/0/1 NS a.root-servers.net., NS b.root-servers.net., NS c.root-servers.net., NS d.root-servers.net., NS e.root-servers.net., NS f.root-servers.net., NS g.root-servers.net., NS h.root-servers.net., NS i.root-servers.net., NS j.root-servers.net., NS k.root-servers.net., NS l.root-servers.net., NS m.root-servers.net., RRSIG (525)
and the client receives the answer.
No proxy arp, no cluster
ANY IDEA?
fabrizio
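
A way to run the comparison made in the post above mechanically, as an added example that is not part of the original post: it parses `tcpdump -e` lines and flags frames whose source or destination MAC does not belong on the interface they were captured on. The MAC sets come from the post; the sample capture is constructed from the post's eth7 lines with the DNS payload shortened, and the function and variable names are hypothetical.

```python
import re

# MACs that legitimately appear on each segment (values taken from the post).
SEGMENT_MACS = {
    "eth4": {"00:1c:7f:32:04:21", "c4:7d:4f:d6:55:e1"},  # external interface, router
    "eth7": {"00:1c:7f:32:04:1e", "00:0c:29:7f:e1:78"},  # internal interface, client
}

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME_RE = re.compile(
    rf"^(?P<ts>\d{{2}}:\d{{2}}:\d{{2}}\.\d+)\s+(?P<src>{MAC})\s+>\s+(?P<dst>{MAC}),",
    re.IGNORECASE,
)

def is_group(mac):
    """True for broadcast/multicast destinations (I/G bit set in the first octet)."""
    return bool(int(mac[:2], 16) & 1)

def foreign_frames(iface, capture_text):
    """Return (timestamp, src, dst) for frames carrying a MAC not expected on iface."""
    expected = SEGMENT_MACS[iface]
    hits = []
    for line in capture_text.splitlines():
        m = FRAME_RE.match(line.strip())
        if not m:
            continue  # command lines, separators, remarks
        src, dst = m["src"].lower(), m["dst"].lower()
        # Broadcast and multicast destinations are normal on any segment.
        if src not in expected or (dst not in expected and not is_group(dst)):
            hits.append((m["ts"], src, dst))
    return hits

# Constructed sample: the four eth7 frames from the post, payload shortened.
ETH7_CAPTURE = """\
tcpdump -n -e -i eth7 host 8.8.8.8 and port 53
10:09:34.756268 00:0c:29:7f:e1:78 > 00:1c:7f:32:04:1e, ethertype IPv4 (0x0800), length 70: query
10:09:34.766053 00:1c:7f:32:04:21 > c4:7d:4f:d6:55:e1, ethertype IPv4 (0x0800), length 567: reply
10:09:39.756179 00:0c:29:7f:e1:78 > 00:1c:7f:32:04:1e, ethertype IPv4 (0x0800), length 70: query
10:09:39.766554 00:1c:7f:32:04:1e > 00:0c:29:7f:e1:78, ethertype IPv4 (0x0800), length 567: reply
"""

if __name__ == "__main__":
    for ts, src, dst in foreign_frames("eth7", ETH7_CAPTURE):
        print(f"{ts}: {src} > {dst} does not belong on eth7")
```

Only the first reply is flagged: it carries the eth4-side MAC pair while being seen on eth7, whereas the reply to the retried query has the expected internal pair.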