i'm triying to imagine how to do:
(with Linux Debian based distro)
I have PC with 4 NIC:
eth0 = Internet Access (connect to router WAN)
eth1 = Local lan
eth2 = OUT NIC
eth3 = IN NIC
I need to send all traffic from eth1 (local lan) to eth2, receive the same traffic from eth3 and route to eth0.
The idea is send all eth1 traffic to external device over eth2, the external device inspect the packets and send to PC again on eth3, then my PC Linux route traffic to eth0
Is posible to do that ?
You're running linux on a PC? We need to know the version first off. Second you are looking into IProutes if you want to redirect traffic from one NIC to another.
Related
I am struggling with a network problem.
My computer needs to be linked to two differents networks. one via PCI the other one via a USB adapter. The pci is the "usual" network, the usb is to use for specific address.
I have tried differents solutions, with dns, multiple wired connection, modifiying /etc/network/interfaces, ...
But I can't manage to have the 2 networking working at the same time.
Do you have any solution. I am working with Debian - jessie.
Cheers
Since you haven't specified any networks, IP addresses or device names, I will use my machine as an example.
I have an IOGear ethernet USB dongle which shows up as device enx0050b6d341bb, and an RTL811 PCI ethernet device which shows up as eth0. eth0 is plugged into the "main" network which has a DHCP server and enx0050b6d341bb is connected to a private switch on my workbench.
If I want to use eth0 to connect to the internet, but use enx0050b6d341bb to connect to anything on network 192.168.168.0/24, /etc/network/interfaces will look like this:
auto lo
iface lo inet loopback
# Obtain DHCP address from server
auto eth0
iface eth0 inet dhcp
# Connect to 192.168.168.0 network
auto enx0050b6d341bb
iface enx0050b6d341bb inet static
address 192.168.168.3
network 192.168.168.0
netmask 255.255.255.0
Since I only have one device using DHCP, my default route will automatically go through that device, which happens to be exactly what I want :-)
solargy#GEPY633007AX:~$ ip route
default via 192.168.10.1 dev eth0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.67
192.168.168.0/24 dev enx0050b6d341bb proto kernel scope link src 192.168.168.3
The above shows that my default traffic will go through eth0 and that any traffic for addresses in network 192.168.168.0/24 will go through enx0050b6d341bb. To verify that, you can find out which device will be used to communicate with address 192.168.168.2:
solargy#GEPY633007AX:~$ ip route get 192.168.168.2
192.168.168.2 dev enx0050b6d341bb src 192.168.168.3
cache
As you can see, any traffic for 192.168.168.2 will go through enx0050b6d341bb.
I have two network interfaces (e.g. eth0 and eth1) configured as two ends of a bridge in Ubuntu Linux 14.04. They are not assigned with any IP addresses. eth0 is physically connected to a subnet. I want to send UDP packets through eth0 to a subnet connected machine. I create a UDP socket and check that it can successfully bind to eth0 (i.e. setsockopt(socket, SOL_SOCKET, SO_BINDTODEVICE, eth0, strlen(eth0)), and executing sendto() reports success as well. However, the designated target machine cannot receive anything from eth0!!
Is there any Ubuntu tools/commands to trace where the UDP packets go (actually, I did try to use Wireshark. But, Wireshark cannot detect any network interface to capture!)?
And, is there any workarounds, under the situation that eth0 and eth1 must be set as a interconnected bridge with no IP addresses, to make use of eth0 to send UDP packets to other machine with designated IP address and port?
My Linux (Debian) server has eth0 and eth1, and both are on the same subnet.
It receives packets from both interfaces, but it only replies from eth0.
Packets that are sent to eth1 are replied from eth0, and the reply has eth0's src mac and eth1's src IP.
I verified this by sending a ping to eth1 while running tcpdump on the Linux server.
This is a problem because:
Since no packets are sent with a source mac of eth1 (with the exception of the initial arp), the switch forgets the eth1 mac. Then, every packet with the destination mac of eth1 that is received by the switch is broadcasted across the network, flooding it which makes us sad.
I want:
My Linux server to send packets out from both eth0 and eth1. I think the nicest solution is that for each packet we get, we reply from the same interface. Another way to put it is that I want to bind each interface to its IP and MAC - so that it will only send packets from these addresses.
More details:
My Linux server is an ISCSI Target communicating with an ESX which is an ISCSI Initiator - though a Cisco switch. The switch forgets MACs after 5 minutes, and the ESX probably remembers them for 20 minutes (as discussed here and here). So while the ESX remembers the mac of the Linux, the ESX keeps sending ISCSI requests which flood the network, while my server sends ISCSI replies through only one of the interfaces.
This isn't what you asked for, but if you just set up a cron job on the box that did
ping -c 1 -I eth1 <address of eth1's default gateway>
every minute, then you would have at least one packet per minute leaving eth1 with eth1's MAC address on it. -I tells ping to bind to a specific interface, so it won't use eth0 even if that's the preferred route.
I have a dual port ethernet NIC and let's say I have connected 2 ports in a loop and assigned the following IPs to the 2 ethernet interfaces:
eth2 -> 192.168.2.1
eth3 -> 192.168.3.1
I want to send traffic from 1 port to another over the physical network, e.g. ping 192.168.3.1 from 192.168.2.1. However, the TCP/IP stack in the Linux kernel recognizes that these two addresses are local and instead sends the traffic to the loopback adapter, so the traffic never hits the physical network.
The closest I have to a solution is Anastasov's send-to-self patch, which unfortunately, has been discontinued since kernel 3.6 so it won't work on Ubuntu 13.10 (kernel 3.11) for me. I've tried finding rewriting the patch for 3.11, but I can't seem to locate these in the Ubuntu distro:
include/linux/inetdevice.h
net/ipv4/devinet.c
net/ipv4/fib_frontend.c
net/ipv4/route.c
Documentation/networking/ip-sysctl.txt
Is there a way I can get the send-to-self patch to work, or an alternative?
You can use network namespaces for this purpose.
As ip-netns's manpage says:
A network namespace is logically another copy of the network stack,
with its own routes, firewall rules, and network devices.
Following is just a copy of this answer:
Create a network namespace and move one of interfaces into it:
ip netns add test
ip link set eth1 netns test
Start a shell in the new namespace:
ip netns exec test bash
Then proceed as if you had two machines. When finished exit the shell and delete the namespace:
ip netns del test
you can try configuring route table, by running "ip" command:
ip route add to unicast 192.168.3.1 dev eth2
ip route add to unicast 192.168.2.1 dev eth3
new route would be added into route table, and it should be able to take effect before egress routing lookup hit the host-local route between "192.168.3.1" and "192.168.2.1", therefore, the traffic should be sent through physical interface "eth2" and "eth3", instead of loopback "lo"
Never tried myself, but should work.
I have two machines each with two valid network interfaces, an Ethernet interface eth0 and a tun/tap interface gr0. The goal is to start a TCP connection on machine A using interface gr0 but then have the responses (ACKs, etc) from machine B come back over the Ethernet interface, eth0. So, machine A sends out a SYN on gr0 and machine B receives the SYN on its own gr0 but then sends its SYN/ACK back through eth0. The tun/tap device is a GNU Radio wireless link and we just want the responses to come through the Ethernet.
What's the easiest way to accomplish this? I need to research more on TCP/IP, but I was initially thinking that source-spoofing outgoing packets would tell the receiver to respond to the spoofed address (which should get routed to eth0). This would involve routing the IPs from the tun/tap interfaces through gr0 and leave the other traffic to eth0.
We are using Linux and a Python solution would be preferable.
Thanks for looking!
You could add an additional address to the lo interface on each system and use these new addresses as the TCP connection endpoints. You can then use static routes to direct which path each machine takes to get to the other machine's lo address.
For example:
Machine A:
ip addr add 1.1.1.1/32 dev lo
ip route add 2.2.2.2/32 dev eth0 via <eth0 default gateway>
Machine B:
ip addr add 2.2.2.2/32 dev lo
ip route add 1.1.1.1/32 dev gr0
Then bind to 1.1.1.1 on machine A and connect to 2.2.2.2.
You may be interested in enabling logging of martian packets net.ipv4.conf.all.log_martians, and disable reverse path filtering net.ipv4.conf.<interface>.rp_filter on the affected interfaces.
This sysctl vars are accesible via the sysctl utility and/or the /proc filesystem.