Hi all,

I have a simple bridge with 3 interfaces and I'd like to make some bridge dst-nat decisions (ie re-write the destination MAC) based on the attributes of the IP connection (not packet).

However, bridges do not track IP connections, rather this function is performed by the IP firewall. I can ask the bridge to use the IP firewall but connection tracking will then take place after the bridge has performed its dst-nat, which is too late.

Does anybody have any suggestions as to how I might achieve this?

Thanks!