0

I'm trying to test an ethernet bridging device. I have multiple ethernet ports on a Linux box. I would like to send packets out one interface, say eth0 with IP 192.168.1.1, to another interface, say eth1 with IP 192.168.1.2, on the same subnet.

I realize that normally you don't configure two interfaces on the same subnet, and if you do, the kernel routes directly to each interface rather than over the wire. How can I override this behavior, so that traffic to 192.168.1.2 goes out the 192.168.1.1 interface, and vice versa?

Thanks in advance!

rj75

3 Answers

3

Use network namespaces. It feels like running a VM but it's not a VM, just something that looks like a separate IP stack.

```
ip netns add otherhost
ip netns exec otherhost /bin/bash
```

This will open a shell under the otherhost network namespace. If you examine the network configuration in it, you will see that there is no interface. It's as if you were running a different host.

Now, move the eth1 interface to the otherhost network namespace:

```
ip link set eth1 netns otherhost
```

Now, the otherhost namespace has your eth1 interface. Configure it like you would do if it were a separate host, and do the same for eth0 on your default network namespace. It's as simple as that.

Note that if you close all your shells to otherhost, the network namespace will disappear, and its interfaces will be moved back into the default network namespace.

svenstaro
BatchyX
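An added example, not part of the answer above: a script that applies the namespace setup with the question's interface names and addresses, then classifies `ip route get` output to confirm that 192.168.1.2 is reached through a real device instead of being delivered locally. The helper names (`run`, `setup_ns`, `classify_route`), the /24 prefix and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. eth0/eth1, the addresses and "otherhost" come from the page;
# the /24 prefix, helper names and sample outputs are assumptions.
NS=otherhost

# Constructed samples of `ip route get 192.168.1.2` output.
SAMPLE_BEFORE='local 192.168.1.2 dev lo src 192.168.1.2 uid 0'   # both NICs in one stack
SAMPLE_AFTER='192.168.1.2 dev eth0 src 192.168.1.1 uid 0'        # eth1 moved away

# run: execute a command, or only print it when DRY_RUN=1 (needs no root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# setup_ns: give eth1 its own IP stack, then address and bring up both ends.
setup_ns() {
    run ip netns add "$NS"
    run ip link set eth1 netns "$NS"
    run ip addr add 192.168.1.1/24 dev eth0
    run ip link set eth0 up
    run ip netns exec "$NS" ip addr add 192.168.1.2/24 dev eth1
    run ip netns exec "$NS" ip link set eth1 up
}

# classify_route: read `ip route get` output on stdin; print "loopback" when
# the kernel would deliver locally, "wire:<dev>" when it uses a real device,
# or "unknown" when no device can be parsed from the first line.
classify_route() {
    read -r line || true
    case "$line" in
        local\ *) echo loopback; return 0 ;;
    esac
    dev=$(printf '%s\n' "$line" | sed -n 's/.* dev \([^ ]*\).*/\1/p')
    case "$dev" in
        "") echo unknown ;;
        lo) echo loopback ;;
        *)  echo "wire:$dev" ;;
    esac
}

# Usage: DRY_RUN=1 sh script.sh apply   (print the commands only)
#        sh script.sh apply             (as root: apply, then verify the path)
if [ "${1:-}" = apply ]; then
    setup_ns
    [ "${DRY_RUN:-0}" = 1 ] || ip route get 192.168.1.2 | classify_route
fi
```

A `loopback` result after setup means the destination address is still configured in the default namespace and test traffic is not crossing the bridge under test.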
1

https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

> accept_local - BOOLEAN
> Accept packets with local source addresses. In combination with suitable routing, this can be used to direct packets between two local interfaces over the wire and have them accepted properly. default FALSE

Using `sysctl -w net.ipv4.conf.eth0.accept_local=1` sends the packet over the wire.

Mike Mackintosh
0

Try:

```
# mark packets from 192.168.1.1 to 192.168.1.2
iptables -t mangle -I OUTPUT -s 192.168.1.1 -d 192.168.1.2 -j MARK --set-mark 11
# mark packets from 192.168.1.2 to 192.168.1.1
iptables -t mangle -I OUTPUT -s 192.168.1.2 -d 192.168.1.1 -j MARK --set-mark 12

# add routing table for 192.168.1.1
ip rule add fwmark 11 table 11
ip route add 192.168.1.2 dev eth0 table 11

# add routing table for 192.168.1.2
ip rule add fwmark 12 table 12
ip route add 192.168.1.1 dev eth1 table 12
```

See `man ip` and `man iptables` for more info.

zb'
  • A little more context would help round out your answer (Pretend you don't know what the `ip` command does and briefly explain what the alphabet soup means :). In a lot of answers on the site we go out of our way to discourage people from blindly typing things they find on the internet without really understanding it -- seems fair that our answers should encourage understanding over blind "type this" solutions... – voretaq7 Jul 31 '12 at 15:04
  • I pretend that the OP already knows the 'man' command. Why should I explain what iproute does? – zb' Jul 31 '12 at 15:07
  • In fact it may not be a full solution, will update the answer to make it work better – zb' Jul 31 '12 at 15:17
  • Much better -- You'd be surprised how many people have not yet mastered the use of manual pages... – voretaq7 Jul 31 '12 at 16:30
  • I know, but I still do not think that you need to read documentation of core utilities for anybody, as you do not need to describe printf on stackoverflow :) – zb' Jul 31 '12 at 16:35
  • It's not "what does the tool do?" that we're looking for as context, it's "Why should I use *this* tool in *this* way?" -- To extend your analogy, "Why `printf` instead of `puts`?". Knowing "how" solves the current problem, knowing "why" means you don't have to ask a similar question tomorrow :) (If you want to kick this topic around some more I'm on chat in [The Comms Room](http://chat.stackexchange.com/rooms/127/the-comms-room)) – voretaq7 Jul 31 '12 at 18:20
  • When receiving, the kernel will drop packets if their source address matches one of its own interfaces. You need to unset the `accept_local` sysctl (or something like that). – BatchyX Apr 03 '14 at 07:28