If there are 2 NICs on the same machine, can a TCP client on one NIC connect to a TCP server on the other NIC?

1

I use TUN/TAP to create a tun NIC tun0 with IP 10.10.10.2, and I have a real NIC eth0 with IP 202.112.34.49.

Then I run a TCP client which binds its socket to 202.112.34.49 and a TCP server binding 10.10.10.2, but I can't establish a TCP connection between them.

So can a TCP client on one NIC connect to a TCP server on the other NIC?

misteryes

Posted 2013-05-17T17:12:23.493

Reputation: 2 255

Answers

2

Packets to local addresses will always run on the lo interface; they will never leave the machine. (Packets to local addresses arriving on non-lo interfaces are regarded as martians.)

In other words, your packets must get stuck on the lo interface somewhere, possibly due to a firewall. Check your iptables-save output and do a tcpdump on the lo interface for those packets to debug this issue.

Janos Pasztor

Posted 2013-05-17T17:12:23.493

Reputation: 767

What do you mean by "a socket descriptor to the tun0"? – David Schwartz – 2017-11-06T04:49:24.067

Ah, I got it: since the IPs are all local, the packets will be sent to lo but not tun0. If I use a raw socket to modify the source IP to a non-local IP, for example, I use a raw socket to send a packet to the TCP server on 10.10.10.2, will the server react with a TCP SYN/ACK destined to that non-local IP? Can I hook/intercept the SYN/ACK packet (including the TCP/IP header)? Thanks – misteryes – 2013-05-17T22:30:27.790

The packets destined to remote destinations will be sent according to the machine's routing table. You could of course use promisc mode on the network interface or set up a NAT to a local address, however you may want to take a look at something like LXC. It allows you to run two minimalistic virtual machines with separate network stacks. – Janos Pasztor – 2013-05-18T13:49:49.270

No, what I want to do is: I have a TCP server listening on 10.10.10.2 (that is the tun0), and I open a socket descriptor to the tun0. Then I can use the socket descriptor to write a TCP SYN packet to the socket descriptor and read the responding TCP SYN/ACK packet. Is this usage correct? Thanks! – misteryes – 2013-05-18T17:30:58.717

3

Neither the TCP client nor the TCP server are "on" any NICs. Individual interfaces are considered at layers 1 and 2 while TCP operates at layer 4. Except for very special socket options like SO_BINDTODEVICE, TCP endpoints are not attached to any network interface.

Your TCP server and client just happen to be bound to different local IP addresses. Connecting between them should work just fine.

Celada

Posted 2013-05-17T17:12:23.493

Reputation: 2 120
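A way to check both answers on a Linux host, as an added example that is not part of the original posts: the hypothetical helper `probe` listens on one local address, connects from another, and reports where a failure occurs. The loopback addresses in the demo are constructed stand-ins for the question's 10.10.10.2 and 202.112.34.49, which exist only on the asker's machine.

```python
import errno
import socket
import threading

def probe(server_ip, client_ip, timeout=3.0):
    """Listen on server_ip, connect from client_ip; both must be local addresses."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        srv.bind((server_ip, 0))  # port 0: the kernel picks a free port
    except OSError as e:
        srv.close()
        return {"ok": False, "stage": "server bind", "error": errno.errorcode.get(e.errno)}
    srv.listen(1)
    srv.settimeout(timeout)
    seen = {}

    def accept_once():
        try:
            conn, peer = srv.accept()
        except OSError:  # nothing arrived before the timeout
            return
        with conn:
            seen["peer"] = peer[0]  # source address as the server sees it
            conn.sendall(conn.recv(16))  # echo the payload back

    worker = threading.Thread(target=accept_once)
    worker.start()
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.settimeout(timeout)
    try:
        cli.bind((client_ip, 0))  # pin the client's source address
        cli.connect((server_ip, srv.getsockname()[1]))
        cli.sendall(b"ping")
        ok = cli.recv(16) == b"ping"
        return {"ok": ok, "client": cli.getsockname()[0], "server_saw": seen.get("peer")}
    except socket.timeout:
        # Silence, not a refusal: packets are dropped; check iptables-save and tcpdump -i lo.
        return {"ok": False, "stage": "connect", "error": "timeout"}
    except OSError as e:
        return {"ok": False, "stage": "connect", "error": errno.errorcode.get(e.errno)}
    finally:
        cli.close()
        worker.join()
        srv.close()

if __name__ == "__main__":
    # Constructed stand-ins for the question's two local addresses.
    print(probe("127.0.0.2", "127.0.0.1"))
```

Passing the machine's real interface addresses instead of the stand-ins separates a bind failure (the address is not local) from a timeout (traffic filtered on lo).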