0

i have the weird problem that certain incoming packets get forwarded to my internal netwerk with the right internal IP but when using wireshark i see that the MAC address is set to the routers default gateway.

Setup: <<< Internet server>>> <<< CISCO 90.200.100.1 >>> <<< Draytek 90.200.100.2 / 192.168.1.1 >>> <<< Internal device 192.168.1.50 >>>

Def GW Draytek: 90.200.100.1
Def GW internal devices: 192.168.1.1

So packets come from the internet server, get to the draytek, then the draytek forwards them inward with ip 192.168.1.50 BUT with the MAC from the Cisco (90.200.100.1).

Draytek routing table:

Key: C - connected, S - static, R - RIP, * - default, ~ - private
* 0.0.0.0/ 0.0.0.0 via 91.219.111.1 WAN1
C 90.200.100.0/ 255.255.255.224 directly connected WAN1
C~ 192.168.1.0/ 255.255.255.0 directly connected LAN
voretaq7
  • 79,879
  • 17
  • 130
  • 214
marshallq
  • 1
  • 1

1 Answers1

3

That's normal.

I'm not sure if I should say anything else on this or not, but I can edit to elaborate if you need me to.

EDIT for elaboration: MAC addresses are not transmitted across layer 3 (routed) boundaries. They are only used to transmit frames within a single broadcast domain. MAC addresses are (generally) hard coded into a device which makes them useless for routing information on the Internet. Therefore, the MAC address information is stripped at the gateway.

Basically: When a packet is transmitted within a subnet, the MAC address is used by the network to route it. When you go outside your immediate subnet, then the IP is used.

Hyppy
  • 15,608
  • 1
  • 38
  • 59
  • 2
    +1, For clarity, the MAC-From should (normally) always be from the host that's sending the packet, in this case the router. The MAC-To should always be the MAC of the host on the local network the packet is going to. IPs and MACs are not globally tied, they operate independently at different layers of the OSI model. – Chris S Mar 23 '11 at 13:28
  • Thanks allot for all the feedback but i don't think i've written down the problem in a good way because i don't think you get my problem. Host (aka internal device): 192.168.1.50 with mac 11:00 Cisco: 90.200.100.1 with mac 00:01 What happens is that a incoming packet from the internet on the draytek gets forwarded to my internal network with ip 192.168.1.50 as destination ip and 00:01 as dest mac. While the dest mac should be 11:00. Ps. I think the draytek messed up somewhere. We did 7 days of logging for some hardware tests and it only happened during 1 day. But i like to learn from it :) – marshallq Mar 23 '11 at 18:04
  • Post the ARP table from the Draytek. – Hyppy Mar 23 '11 at 18:07
  • @Hyppy why do you need it? The problem only happened once in all of our tests (tested 7 days with turning off/on devices during the night). – marshallq Mar 24 '11 at 06:34
  • Ahh, I guess I missed the "once in 7 days" part, sorry – Hyppy Mar 24 '11 at 12:00
  • Well thanks again for the replies Hyppy, i've submitted a support request to Draytek because the issue seems to be in their router. – marshallq Mar 24 '11 at 14:12