Hello, Micha a écrit :
Am i right that locally generated traffic never has a MAC address (besides 00:00:00:00:00:00:00:00:00:00:00:00:08:00 ) even for traffic from/to theown 'external' IP, that is, the physical NIC attached to the gateway (like, eth0=192.168.1.2) ? It never can be sniffed, for example ?
I'm not sure I understand what you mean. Obviously, locally generated packets have hardware source and destination address, if applicable (not all link types have hardware addresses). But, if that's what you mean, the hardware source and destination addresses are not visible in the iptables chains and logs. However they are visible with a packet sniffer, such as tcpdump with the -e option.
If i send to 192.168.1.2, what happens in the kernel router ?
The packet is routed through the loopback interface (lo), just like any locally generated packet with a local destination address. The hardware source and destination address are the loopback interface "hardware" address, 00:00:00:00:00:00. Loopback routing of local addresses is due to the presence of a local route for each local address in the 'local' routing table. The content of this table, which also contains the broadcast routes, can be displayed with the following command :
ip route list table local
And is there any significant difference to 127.0.0.1 traffic ?
Not really.