On Sun, Jul 11, 2004 at 13:49:06 -0500,
  Jeff Vian <jvian10@xxxxxxxxxxx> wrote:
> On Sun, 2004-07-11 at 02:47, Donald Ray Lott wrote:
> > MACs are embedded into each NIC. Each company/brand has its own
> > numbering prefix and every NIC number is supposed to be unique. No other
> > NIC in the world will have another NIC's MAC.
> >
> > This is "in fact" true (hardware wise).
> However, Linux allows the network interface to masquerade with a
> different MAC address than the physical embedded address.
>
> Another point of fact though, is that a NIC can never have more than one
> MAC address at a time, regardless of whether it is the physical address
> or the masqueraded one.

I haven't played with it, but there is supposed to be a bridge module
available for the kernel that lets your machine pass layer 2 packets
around between interfaces. This should leave the MAC addresses unchanged
as it wouldn't work otherwise. You are supposed to be able to do filtering
on these packets as well, so the machine acting as a bridge can also be
a firewall.

If he is just using dynamic addresses in the first place, it might be
simpler to just have the firewall have an external address and NAT for
other machines on the local network.
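
Added example, not part of the original thread: a small Python audit of the (port, MAC) pairs a bridge has learned, splitting each address into its vendor prefix and flag bits, and reporting addresses marked locally administered and addresses seen on more than one port. The function names and the sample table are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9a-f]{2}(?:[:-][0-9a-f]{2}){5}$")

def parse_mac(text):
    """Return the six octets of a colon- or dash-separated MAC address."""
    norm = text.strip().lower()
    if not MAC_RE.match(norm):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes(int(part, 16) for part in re.split(r"[:-]", norm))

def classify(text):
    """Split a MAC into vendor prefix (OUI) and the two flag bits of octet 0."""
    octets = parse_mac(text)
    return {
        "mac": ":".join(f"{b:02x}" for b in octets),
        "oui": ":".join(f"{b:02x}" for b in octets[:3]),
        "group": bool(octets[0] & 0x01),                 # multicast/broadcast
        "locally_administered": bool(octets[0] & 0x02),  # not vendor-assigned
    }

def audit(entries):
    """entries: (port, mac) pairs as learned by a bridge.
    Returns (locally administered station MACs, MACs seen on several ports)."""
    ports = defaultdict(set)
    local = set()
    for port, mac in entries:
        info = classify(mac)
        if info["group"]:
            continue  # group addresses are never a station's source address
        ports[info["mac"]].add(port)
        if info["locally_administered"]:
            local.add(info["mac"])
    moved = {m: sorted(p) for m, p in ports.items() if len(p) > 1}
    return sorted(local), moved

# Constructed sample data, not taken from the thread.
SAMPLE = [
    ("eth0", "00:11:22:33:44:55"),
    ("eth1", "02-00-00-AA-BB-CC"),   # U/L bit set: locally administered
    ("eth1", "00:11:22:33:44:55"),   # same address learned on a second port
    ("eth0", "01:00:5e:00:00:fb"),   # multicast, skipped
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The locally-administered bit is only a hint: an interface given a copy of another card's vendor-assigned address will not set it, which is why the same-address-on-two-ports check is reported separately.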