
I am trying to set up a small loopback program in Python to send UDP packets from one interface to the other. Without modifying iptables, the kernel will just short-circuit any communication and send it directly to a specific interface without ever going over the wire. Using the following I was able to get pings to travel over the wire (from this post), but I'm not sure how to get UDP to do the same thing.

ifconfig eth2 10.50.0.1/24
ifconfig eth3 10.50.1.1/24

# nat source IP 10.50.0.1 -> 10.60.0.1 when going to 10.60.1.1
iptables -t nat -A POSTROUTING -s 10.50.0.1 -d 10.60.1.1 -j SNAT --to-source 10.60.0.1

# nat inbound 10.60.0.1 -> 10.50.0.1
iptables -t nat -A PREROUTING -d 10.60.0.1 -j DNAT --to-destination 10.50.0.1

# nat source IP 10.50.1.1 -> 10.60.1.1 when going to 10.60.0.1
iptables -t nat -A POSTROUTING -s 10.50.1.1 -d 10.60.0.1 -j SNAT --to-source 10.60.1.1

# nat inbound 10.60.1.1 -> 10.50.1.1
iptables -t nat -A PREROUTING -d 10.60.1.1 -j DNAT --to-destination 10.50.1.1

ip route add 10.60.1.1 dev eth2
arp -i eth2 -s 10.60.1.1 00:1B:21:C1:F6:0F # eth3's mac address

ip route add 10.60.0.1 dev eth3
arp -i eth3 -s 10.60.0.1 00:1B:21:C1:F6:0E # eth2's mac address

ping 10.60.1.1

I would like to be able to broadcast a UDP message out on 10.50.0.1, and read it on 10.50.1.1.

How can I go about doing this?

Tyler

1 Answer


Not a complete answer because I’m currently on mobile but this is also too long for a comment:

By default all NICs are managed by a single IP stack in the Linux kernel, and because of that the kernel “knows” that traffic from IP address 10.50.0.1 on eth2 to 10.50.1.1 does not need to be sent to the router in the 10.50.0.0/24 subnet; it will bypass that routing completely and send it directly to eth3.

Generally that is the smart thing to do, as that will give you virtually no latency and much more bandwidth than the actual wire speeds of eth2 and eth3 and the router(s) in between.

You can prevent that by setting up specific routing instructions, which seems to be what you have been trying with iptables, but arguably a better solution is to make use of network namespaces. By assigning each NIC to a different namespace the Linux kernel will no longer treat traffic from eth2 to eth3 as local, and rather than simply sending the packets only in memory from 10.50.0.1 to 10.50.1.1 they will go out on the wire.

HBruijn
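The following is an added example, not code from the question or the answer, putting the two halves together: it generates the iproute2 commands that move eth2 and eth3 into separate network namespaces (the approach the answer recommends) and provides the Python UDP sender and receiver the question asks for, with the sender pinned to the source address of the sending NIC. The namespace names (ns-eth2, ns-eth3), the UDP port 5005 and the function names are this example's own choices; the interface names and 10.50.x addresses are the ones from the question. It assumes Linux with iproute2, root privileges for the namespace commands, and that a route between 10.50.0.0/24 and 10.50.1.0/24 exists across the wire (the "router(s) in between" the answer mentions); nothing on the page describes that route, so it is not configured here. The round-trip helper goes slightly beyond the question by also serving as a loopback self-test on 127.0.0.1.

```python
import socket
import subprocess
from typing import Callable, List, Sequence, Tuple

# Constructed values: interface names and addresses come from the question;
# the namespace names and the UDP port are hypothetical choices for this example.
NS_A, NS_B = "ns-eth2", "ns-eth3"
IF_A, IF_B = "eth2", "eth3"
ADDR_A, ADDR_B = "10.50.0.1/24", "10.50.1.1/24"
UDP_PORT = 5005

NicSpec = Tuple[str, str, str]  # (namespace, interface, address/prefix)


def netns_setup_commands(
    pairs: Sequence[NicSpec] = ((NS_A, IF_A, ADDR_A), (NS_B, IF_B, ADDR_B)),
) -> List[List[str]]:
    """Build the iproute2 commands that give each NIC its own network namespace.

    With eth2 and eth3 in separate namespaces they are served by separate IP
    stacks, so a packet from 10.50.0.1 to 10.50.1.1 is no longer "local" and
    must leave on the wire instead of being handed to eth3 in memory.
    Returned as argv lists so they can be reviewed before running (root needed).
    """
    cmds: List[List[str]] = []
    for ns, dev, addr in pairs:
        cmds += [
            ["ip", "netns", "add", ns],
            ["ip", "link", "set", dev, "netns", ns],            # move the NIC
            ["ip", "-n", ns, "addr", "add", addr, "dev", dev],  # address it inside
            ["ip", "-n", ns, "link", "set", dev, "up"],
        ]
    return cmds


def apply_netns_setup(cmds: List[List[str]],
                      run: Callable[..., object] = subprocess.run) -> int:
    """Run the commands in order; returns how many ran. `run` is injectable so
    the sequence can be checked without touching the host."""
    for cmd in cmds:
        run(cmd, check=True)
    return len(cmds)


def udp_receiver(bind_ip: str, port: int, timeout: float = 2.0) -> socket.socket:
    """UDP socket bound to bind_ip:port. Run inside the receiving namespace,
    bound to 10.50.1.1 for unicast or to 0.0.0.0 to also accept broadcasts."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((bind_ip, port))
    sock.settimeout(timeout)
    return sock


def udp_send(src_ip: str, dst_ip: str, port: int, payload: bytes,
             broadcast: bool = False) -> int:
    """Send one datagram with the source pinned to src_ip (the sending NIC's
    address). broadcast=True sets SO_BROADCAST, which the kernel requires
    before it will accept a destination such as 10.50.0.255."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        if broadcast:
            sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        sock.bind((src_ip, 0))
        return sock.sendto(payload, (dst_ip, port))
    finally:
        sock.close()


def roundtrip(src_ip: str, dst_ip: str, bind_ip: str, port: int,
              payload: bytes, broadcast: bool = False) -> bytes:
    """Open the receiver, send once, return what arrived (b"" on timeout).
    Port 0 lets the kernel pick a free port, which the sender then targets."""
    rx = udp_receiver(bind_ip, port)
    try:
        udp_send(src_ip, dst_ip, rx.getsockname()[1], payload, broadcast)
        data, _ = rx.recvfrom(65535)
        return data
    except socket.timeout:
        return b""
    finally:
        rx.close()


if __name__ == "__main__":
    # Print the namespace setup for review; run it as root once it looks right.
    for cmd in netns_setup_commands():
        print(" ".join(cmd))
    # Self-test on loopback; on the real setup run udp_receiver(...) inside
    # ns-eth3 and udp_send("10.50.0.1", ...) inside ns-eth2 via `ip netns exec`.
    print(roundtrip("127.0.0.1", "127.0.0.1", "127.0.0.1", 0, b"loopback self-test"))
```

On the real hosts the receiver and sender run as separate processes, each started with `ip netns exec ns-eth3 ...` and `ip netns exec ns-eth2 ...` respectively; `roundtrip` only ties both ends together in one process for the loopback check. Binding the sender to the NIC's own address is what keeps the datagram attributable to that interface; once the NICs are in different namespaces there is no in-kernel shortcut left for the datagram to take.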