Is there any alternative to virtualization for handling two different interfaces, different networks and same IP range?

5

2

I have a Linux box with two different NICs that are connected to two different networks, but they share the same IP range (10.0.0.x). My first idea was to use virtualization for that (i.e., Xen), but it seems to me overkill since I want to use the same programs without conflicts due to routing.

I was wondering if there is a way to confine a NIC to something like a shell session, so all programs launched from there use only that NIC, like launching a bash session that only sees eth1 but not eth0.

Edit: I guess I'm looking for something similar to FreeBSD jails, but for Linux.

Carlos

Posted 2011-12-21T16:36:35.743

Reputation: 51

I have the same problem, from http://superuser.com/questions/263360/openvpn-client-as-socks-5-server/369416: Which openvpn client software could conveniently create a "Host-only Networking just like vmware" so that I can use it as a socks5 proxy? For example: my pc is 192.168.0.2 and 192.168.10.1 without the openvpn client connected, and the openvpn client in this pc may get the 192.168.0.2 ip from the remote openvpn server, so I want to make the virtual network of the openvpn client a host-only network (e.g. don't influence the local network), and it has a NAT ip 192.168.10.2 for the host (my pc) to access it

– diyism – 2011-12-23T04:09:24.743

Maybe a simpler question is: How to create host-only networking without a virtual machine? – diyism – 2011-12-23T05:48:49.670

We do something similar here. But we use the routing tables. And it isn't very elegant. – surfasb – 2011-12-23T06:40:37.200

Answers

1

If both the network address and subnet masks for the two separate networks are identical, your network is misconfigured in a way that defeats the basic intent of IP-routing.

I would renumber one of the networks.

RedGrittyBrick

Posted 2011-12-21T16:36:35.743

Reputation: 70 632

I don't understand what you are trying to say with 'misconfigured'; two different networks can have the same IP address block. Indeed, most (if not all) home routers share the same IP range: 10.0.0.0 or 192.168.0.0.

The problem is mine, since I need to use both networks at the same time. Sadly, I can't re-assign addresses since those networks aren't under my control. – Carlos – 2011-12-21T17:24:41.687

While those are private blocks and reused throughout the world, by 'misconfigured', he means that if there are multiple routes to the same IP address, and they are different physical hosts, then your networking configuration will not work correctly when you try to address that IP. If I can't say '192.168.0.2' from your computer and refer to exactly one computer, then you need to reconfigure how your network is set up. If you can't do that, then you'll need to find something that can do NAT before packets get to your computer (like a router). – Darth Android – 2011-12-21T18:15:09.967

@Carlos: as Darth says, separately administered networks that use the same private network address are not directly bridged by any single computer; they are necessarily linked only by routers that use Network Address Translation (NAT) and at least one intervening network (even if it is only a two-node network) with a public (and therefore differing and unique) network address. – RedGrittyBrick – 2011-12-21T19:38:09.540

1

Hmm, it seems I'm not describing my problem well. - @Darth Android At best, 'misconfigured' is an unfortunate way to describe the situation: you're correct that this scenario generates a conflict in the routing table, but I'm trying to find a solution for that by having two routes isolated from each other. The other solution would be using a proxy NAT, but it seems to me much more complicated than just running Linux virtualized inside a VM, like Xen. - @RedGrittyBrick I'm not trying to bridge two separate networks, I'm trying to access two separate networks that use the same IP block.

I found two jail equivalents for Linux that do network isolation; it seems they'll do the trick:

Carlos

Posted 2011-12-21T16:36:35.743

Reputation: 11

1

Your question sounds like it's a job for network namespaces (url is related, not official). Using this technology appears to be relatively new as of this writing and I'm finding it quite difficult to find concise HOWTOs that would also explain what's actually happening with each command. Googling "ip netns" (with and without quotes) would probably get you best started putting pieces together.

lkraav

Posted 2011-12-21T16:36:35.743

Reputation: 1 049

0

As stated by lkraav, this is a job for network namespaces.

Let's call the interfaces to which your two NICs are connected eth-a and eth-b.

```sh
# Create the network namespaces
ip netns add net-a
ip netns add net-b

# Assign the interfaces to the network namespaces
# (this has to happen before any "ip netns exec" command can see them)
ip link set eth-a netns net-a
ip link set eth-b netns net-b

# Take interfaces up
ip netns exec net-a ip link set eth-a up
ip netns exec net-b ip link set eth-b up

# Assign an address and network to the interfaces
# Assume IP is 10.0.0.1 for eth-a and 10.0.0.2 for eth-b
# The two can be set equal, if you want them to
ip netns exec net-a ip address add 10.0.0.1/8 dev eth-a
ip netns exec net-b ip address add 10.0.0.2/8 dev eth-b

# Packets to 10.0.0.3 going through eth-a, with a source of 10.0.0.1
ip netns exec net-a ping 10.0.0.3
# Or through eth-b, with a source of 10.0.0.2
ip netns exec net-b ping 10.0.0.3
```

If you prefer to have an interface that is the default exit one for programs not run inside a network namespace, just leave it assigned to the network namespace and do not prefix any command concerning it with ip netns exec net-*

Ekleog

Posted 2011-12-21T16:36:35.743

Reputation: 115
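
The question asked for a shell session that sees only one NIC. The script below is an added example, not part of any answer above: it builds the `ip netns` steps in working order, validates the values before they reach a root command line, and finishes with a shell for an unprivileged user inside the namespace. The names `confine_plan`, `run_plan` and `APPLY`, and the sample values `net-a`, `eth-a`, `10.0.0.1/8` and `alice`, are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original answers. confine_plan, run_plan and
# APPLY are names made up here; the sample values at the bottom are constructed.

# Print the commands that confine interface IFC to namespace NS, give it
# address ADDR (IPv4 CIDR) and open a login shell there as USER.
confine_plan() {
    ns=$1 ifc=$2 addr=$3 user=$4
    # These strings end up in commands run as root: allow plain names only.
    for v in "$ns" "$ifc" "$user"; do
        case "$v" in ''|-*|*[!A-Za-z0-9_.-]*) return 2 ;; esac
    done
    case "$addr" in ''|*[!0-9./]*) return 2 ;; esac
    echo "ip netns add $ns"
    # Move the link first: changing namespace sets it down and flushes addresses.
    echo "ip link set $ifc netns $ns"
    echo "ip netns exec $ns ip link set lo up"
    echo "ip netns exec $ns ip address add $addr dev $ifc"
    echo "ip netns exec $ns ip link set $ifc up"
    # ip netns exec needs root, so drop to the unprivileged user for the shell.
    echo "ip netns exec $ns su - $user"
}

# Dry run by default (prints "+ cmd"); APPLY=1 executes the plan as root.
run_plan() {
    plan=$(confine_plan "$@") || return 2
    # Read the plan on fd 3 so the final interactive shell keeps the terminal.
    while IFS= read -r cmd <&3; do
        if [ "${APPLY:-0}" = 1 ]; then
            $cmd || return 1
        else
            echo "+ $cmd"
        fi
    done 3<<EOF
$plan
EOF
}

if [ $# -eq 4 ]; then
    run_plan "$@"
else
    APPLY=0 run_plan net-a eth-a 10.0.0.1/8 alice   # constructed sample, dry run
fi
```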