Business case:
This is the year 2015, and I am using Linux kernel 3.17. My ARM Linux has two NICs, eth0 and eth1. eth0 is for configuration purposes locally, for a person next to it, and eth1 is for configuration purposes from remote. So they basically have the same function, except eth0 has a person to plug in the cable in the field.
Local PC ------ [eth0 My ARM Linux Computer eth1] ------ Remote PC
Using eth0, the PC software can configure eth1's IP address and port for configuration. To do that, my eth0 has a preset IP address (192.168.1.2) so the PC software can easily find it. The ARM Linux (3.17) application needs to listen on eth0 port A and eth1 port B (if configured), and once connected, will respond, but never initiate any activity (not even ping).
There is no connection between local PC and remote PC. They are not supposed to be bridged, or networked.
Question 1:
If eth1 is configured with the same IP as eth0, will my application still be able to listen on both NIC ports and correctly respond? I will have two independent threads (maybe the same function, but different parameters) to listen on the two NIC ports.
This is why I ask whether I can specify the NIC when connecting and responding, because now you can see they could have the same IP address. Ideally, the OS knows where the connect request is from, so it should know which way to reply, even if the two NICs have the same IP, as long as they have different Ethernet addresses. But does C++11 or the Berkeley model allow me to specify eth0 or eth1 when I listen and reply?
Now, the local PC and remote PC could have the same IP address as well (but different from the ARM Linux). If I had two ARM Linux computers, then this configuration would be completely OK. But unfortunately I only have one embedded system and one OS with eth0 and eth1.
Question 2:
If the answer to question 1 is no, then can they have the same subnet mask? Also, can the local PC and remote PC have the same IP address?
Assumption
Setting the routing table is a solution, if it works. I wanted to know whether it is feasible and also whether it is recommended not to do it.
Also, this is Linux. Similar questions were asked a long time ago for Windows, and for Windows XP the answer is no. I am using Linux 3.17 and I have the same IP address on both NICs, so things are different from the similar questions.
At the system level, you can configure a bridge on the mediating box. This can have the same IP address on both sides of the bridge and can be locked down using iptables to only respond to particular TCP/UDP ports.
You can't have systems on both sides of the bridge with the same IP address (i.e. the local pc and remote pc can't have the same IP address). You can use ebtables to limit the access on either side of the bridge to the IP address of the bridge itself, which means that the local pc can only talk to the mediating box and the remote pc can only talk to the mediating box.
This is based on never expecting the local and remote pcs to talk to each other.
It's mostly a sys-adminny solution, though; there's not really an API that you could use as a developer to accomplish the same thing.
Related
I am trying to set up an OPNsense VM inside Proxmox, which is running in an Azure VM with nesting enabled. I have my reasons to do it, so please spare me the "why not go native" questions.
Since Azure VMs don't support vIOMMU (note the "v" in vIOMMU stands for virtualized IOMMU, for L2 instances), I cannot pass the interface further from Proxmox to OPNsense, so I need to get by using bridges.
The host setup is:
WAN over eth0
vmbr0 with eth0 assigned to it
The bridged interfaces are in promiscuous mode.
The actual configuration is:
iface eth0 inet manual
auto vmbr0
iface vmbr0 inet manual
    bridge-ports eth0
    bridge-stp off
    bridge-fd 0
The guest configuration is:
VirtIO NIC attached to vmbr0, with the MAC overridden to the same address as eth0
Firewall: NO
MAC Filter: NO
Running dhclient on eth0 or vmbr0 correctly discovers and assigns an IP address.
Now, I am trying to get the OPNsense VM to obtain that IP address instead and to relay its traffic via vmbr0 transparently outside of the host. I have done something very similar previously between OpenWRT running in a VM and another VM, using OpenWRT's "trivial relay" (kmod-trelay, see https://forum.openwrt.org/t/howto-kmod-trelay/49610/2, also https://github.com/openwrt/openwrt/commit/c3bba7f8c61ee98265bcffef8ee86e22aa89bbe9), and despite this particular case being much simpler, I can't get the VM to communicate with the ISP properly. I tried simply spoofing eth0's MAC address by setting the OPNsense VM's interface to it, but that's not enough.
I also checked the traffic on both ends using tcpdump, and, interestingly, vmbr0 does see the DHCP requests coming from the VM, and the ISP does respond, but that response never reaches the VM, nor the tap interface corresponding to the VM that Proxmox assigned to the bridge.
What am I missing here?
FYI, the solution was to use macvtap in passthru mode. An alternative would be to use ipvtap if I needed more VMs to share the same MAC address.
Although some similar questions have been asked here, none of them seem to solve my problem, so I've decided to specify my case in a new question.
(Please keep in mind that I am a beginner in computer networks.) I have 5 machines I want to connect to each other. I am using a switch to do so.
My first problem is that among 4 of the machines, 3 of them seem to have the same broadcast address and can hence communicate with each other. But 1 of them has a completely different broadcast address and cannot communicate with any of the machines (although all 4 are connected to the same switch...). Note that all 4 machines run the Gentoo Linux distribution.
Moreover, the fifth machine (which runs the Ubuntu Linux distribution) doesn't even seem to have an IP assigned to itself. When I do "ifconfig" I don't get the eth0 interface but enp0s25 instead, where the inet addr is not specified.
I guess if I can get the same broadcast address on all 5 machines I will be able to obtain a proper connection between the machines.
Thank you for your time
You have to check if your PCs are in the same network; maybe that is the reason you have a different broadcast address. Check if your IP and netmask are correct. Read this link for more information: IP Addressing and Subnetting for New Users
Example:
Network - Broadcast
192.168.1.0/24 -> 192.168.1.255
192.168.1.0/25 -> 192.168.1.127
192.168.1.127/25 -> 192.168.1.255
In the examples it looks like all are in the same network, but in reality they are in different networks/sub-networks.
About your eth0, check if your interface is using a static or DHCP IP.
Check the configuration file:
/etc/network/interfaces
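As an added example (not code from the question or the answer above), here is the check the answer describes, done mechanically: parse the "inet addr" line of ifconfig output from each machine, recompute the broadcast address from address plus netmask, and group the hosts by network so the odd one out, and the host with no IPv4 address at all, stand out. The sample output is constructed.

```python
# Added example: group hosts by the network their ifconfig line implies and
# flag any reported Bcast that disagrees with what address + Mask yield.
import ipaddress
import re

# Constructed sample: one ifconfig "inet addr" line per machine. The fifth
# host only shows its link line, i.e. no IPv4 address is configured.
IFCONFIG_SAMPLES = {
    "gentoo1": "inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0",
    "gentoo2": "inet addr:192.168.1.11  Bcast:192.168.1.255  Mask:255.255.255.0",
    "gentoo3": "inet addr:192.168.1.12  Bcast:192.168.1.255  Mask:255.255.255.0",
    "gentoo4": "inet addr:192.168.1.13  Bcast:192.168.1.127  Mask:255.255.255.128",
    "ubuntu":  "enp0s25   Link encap:Ethernet  HWaddr 00:11:22:33:44:55",
}

INET_RE = re.compile(r"inet addr:(\S+)\s+Bcast:(\S+)\s+Mask:(\S+)")


def parse_inet(line):
    """Return (IPv4Interface, reported Bcast, computed Bcast), or None if the
    line carries no IPv4 address."""
    m = INET_RE.search(line)
    if not m:
        return None
    iface = ipaddress.IPv4Interface(f"{m.group(1)}/{m.group(3)}")
    return iface, m.group(2), str(iface.network.broadcast_address)


def group_by_network(samples):
    """Map 'network/prefix' -> sorted host names; hosts with no IPv4 address
    are collected under the key None."""
    groups = {}
    for host, line in samples.items():
        parsed = parse_inet(line)
        key = str(parsed[0].network) if parsed else None
        groups.setdefault(key, []).append(host)
    return {k: sorted(v) for k, v in groups.items()}


def mismatched_broadcast(samples):
    """Hosts whose reported Bcast is not the one address + Mask produce
    (typically a hand-edited broadcast in the interface config)."""
    bad = []
    for host, line in samples.items():
        parsed = parse_inet(line)
        if parsed and parsed[1] != parsed[2]:
            bad.append(host)
    return sorted(bad)
```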
I have multiple devices with the same hardware MAC address (in factory reset mode) that all call a TFTP server in order to get a proper MAC.
On the same NIC, there would obviously be no way to differentiate the devices; however, I have one device per NIC. I evaluated these options to use that fact:
SO_BINDTODEVICE
Binding the TFTP server on each NIC separately would probably still not give me a way to respond with a packet to the sender, since Linux's ARP table would be confused about which NIC to send that packet out from.
net namespaces
Linux does not allow bringing physical interfaces into a net namespace, only veths, which again would need to be bridged on the 'host' side, which will probably not work with the same MAC appearing on multiple physical NICs.
Am I missing an option here?
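Both the first question on this page (one IP on eth0 and eth1, which NIC should the reply leave from) and the TFTP question just above come down to the same mechanism, so here is one added example for both (it is not code from any post here): on Linux the IP_PKTINFO socket option hands a UDP receiver the index of the interface a datagram arrived on and the address it was sent to, and the same control message on sendmsg pins the reply to that interface and source address instead of leaving the choice to the routing table. The loopback round trip at the end is a constructed self-test; the interface index it reports is whatever the kernel assigned to lo.

```python
# Added example: a UDP responder that answers through the interface the
# request came in on, using IP_PKTINFO in both directions.
import socket
import struct

IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)  # Linux value; some Python builds lack the constant
PKTINFO_FMT = "i4s4s"                           # struct in_pktinfo: ipi_ifindex, ipi_spec_dst, ipi_addr
PKTINFO_LEN = struct.calcsize(PKTINFO_FMT)


def make_pktinfo_socket(addr="0.0.0.0", port=0):
    """UDP socket bound to addr:port that asks the kernel to attach IP_PKTINFO on receive."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    s.bind((addr, port))
    return s


def echo_via_ingress_iface(s):
    """Receive one datagram and echo it to the sender out of the ingress interface.
    Returns (ifindex, destination address the request was sent to)."""
    data, ancdata, _flags, peer = s.recvmsg(2048, socket.CMSG_SPACE(PKTINFO_LEN))
    ifindex = dst = None
    for level, ctype, payload in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            ifindex, _spec_dst, dst = struct.unpack(PKTINFO_FMT, payload[:PKTINFO_LEN])
    if ifindex is None:
        raise RuntimeError("no IP_PKTINFO control message on this datagram")
    # Outgoing pktinfo: ipi_ifindex pins the egress NIC, ipi_spec_dst the source
    # address (here: the address the request was addressed to), ipi_addr is unused.
    out = struct.pack(PKTINFO_FMT, ifindex, dst, b"\0\0\0\0")
    s.sendmsg([data], [(socket.IPPROTO_IP, IP_PKTINFO, out)], 0, peer)
    return ifindex, socket.inet_ntoa(dst)


def loopback_roundtrip(payload=b"RRQ boot.bin", timeout=2.0):
    """Constructed self-test over 127.0.0.1: a client sends, the responder echoes."""
    srv = make_pktinfo_socket("127.0.0.1")
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.bind(("127.0.0.1", 0))
    cli.settimeout(timeout)
    try:
        cli.sendto(payload, srv.getsockname())
        ifindex, dst = echo_via_ingress_iface(srv)
        reply, peer = cli.recvfrom(2048)
        return {"ifindex": ifindex, "dst": dst, "reply": reply,
                "from_server": peer == srv.getsockname()}
    finally:
        srv.close()
        cli.close()


if __name__ == "__main__":
    print(loopback_roundtrip())
```

With two NICs the same code returns the index of eth0 or eth1 per request and the reply leaves through that NIC, since the kernel's neighbour entries are kept per interface.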
I'm currently trying to route my internet traffic from my Windows laptop (192.168.1.73) to my other laptop running Kali Linux (192.168.1.64), both on the same network. The idea is that the Linux laptop would anonymise the traffic sent, possibly hiding my IP in some way. I'm stuck on how exactly to go about this. I've tried using OpenVPN but to no avail.
192.168.1.x is not a public IP subnet, so both your computers are on a local network, and one or both already have a default gateway address for access to the Internet and other networks. If you want to route Internet traffic through the Windows laptop to the Linux computer, you have to set up the Windows IP address as the default gateway for the Linux computer.
Then on Windows you have two options for giving the Linux computer access to the Internet:
1. Enable the routing functions and use Windows as just a router.
2. Use third-party software (like WinGate etc.) and use Windows as a NAT proxy.
In the first option the Linux IP address will be visible at the ISP's devices.
In the second option the Linux IP address will be changed to the Windows IP address.
The first is very simple to manage. The second is harder.
But I don't understand why all this. If you want more security on the Internet, you can use https://www.whonix.org/wiki/Download and get the maximum security level.
I'd honestly trash this idea and use the Tor Browser instead; you will be 100% anonymous if you follow the guidelines on their website.
The Tor project:
https://www.torproject.org/
Tips on staying anonymous:
https://www.torproject.org/about/overview.html.en#stayinganonymous
Well, and if you seriously want to route the traffic to your Kali machine, use some built-in MITM tools (e.g. arpspoof), but be aware that this will NOT make you anonymous to the outside (Internet).
Here is how you set up the MITM, but without intercepting the traffic:
First, we need to forward all the traffic that the Kali machine receives to the internet
sysctl -w net.ipv4.ip_forward=1
Then you need to send the forged ARP replies
arpspoof -i [Network Interface Name] -t [Windows IP] [Router IP]
So it should look something like this; you can find the router IP by running the command ifconfig (look for "default gateway")
arpspoof -i wlan0 -t 192.168.1.73 192.168.1.1
Then it should be up and running, tunneling you through the Kali machine.
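The answer above relies on forged ARP replies, and the visible symptom on the wire is one IP address suddenly being announced from a second hardware address. As an added example (not code from any post on this page), here is a small detector for exactly that, run over constructed lines in the format `tcpdump -n arp` prints; the MAC addresses and timestamps are made up.

```python
# Added example: flag IPs announced from more than one MAC, and MACs that
# answer for several IPs, in tcpdump ARP output.
import re
from collections import defaultdict

ARP_REPLY_RE = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.IGNORECASE)

# Constructed sample: the gateway (192.168.1.1) first answers from its own
# MAC; a few seconds later a second host starts answering for the gateway's
# IP and for the laptop's IP (192.168.1.73) as well.
SAMPLE_ARP_LOG = """\
12:00:01.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.73, length 28
12:00:01.000250 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
12:00:03.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:64, length 28
12:00:03.000001 ARP, Reply 192.168.1.73 is-at 00:11:22:33:44:64, length 28
12:00:05.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:64, length 28
"""


def parse_replies(log):
    """Yield (timestamp, ip, mac) for each ARP reply line; requests and other lines are skipped."""
    for line in log.splitlines():
        m = ARP_REPLY_RE.match(line)
        if m:
            yield m["ts"], m["ip"], m["mac"].lower()


def find_conflicts(log, known=None):
    """Return {ip: sorted MACs} for every IP announced from more than one MAC.
    `known` seeds trusted ip->mac pairs (e.g. the gateway) so a spoofed reply
    seen before any legitimate one is still caught."""
    seen = defaultdict(set)
    for ip, mac in (known or {}).items():
        seen[ip].add(mac.lower())
    for _ts, ip, mac in parse_replies(log):
        seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}


def macs_claiming_many(log, threshold=2):
    """MACs that answer for `threshold` or more distinct IPs, i.e. one host
    posing as both ends of a conversation."""
    ips = defaultdict(set)
    for _ts, ip, mac in parse_replies(log):
        ips[mac].add(ip)
    return {mac: sorted(v) for mac, v in ips.items() if len(v) >= threshold}
```

On a real network, the same logic can run on the output of `tcpdump -n -l arp` line by line; a non-empty result from either function is worth an alert.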
I have just installed a virtual Linux system. I was trying to access it from a different location but I could not get through.
When I looked up the IP address (ifconfig) on the system, it is:
inet addr: 10.0.2.15
but I still can't seem to manage it. Can anyone help?
It depends on the virtualization software you're using, but the address pretty much looks NATed. In that case you can't directly access it unless you configure the VM to map the virtual network controller directly to the host network.
What do you mean with different location? 10.x.x.x are private IP addresses, which can only be accessed within its subnet. What IP address does the host system have?
If the host system is within a 192.168.x.x subnet, then an outside computer cannot know how to access 10.x.x.x when there is no route. You then have to set up NAT on your host computer.
An easier approach would be to use bridged networking, which will then eventually get an IP address through DHCP from your router (or whatever you might have).