LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 10-20-2005, 04:19 PM   #1
qs_tahmeed
Member
 
Registered: Nov 2003
Location: Bangladesh
Distribution: Solaris 10, FreeBSD 5.4
Posts: 101

Rep: Reputation: 15
About Packet Flow


Hi!

I have 2 interface in my linux box. eth0 & eth1

Normally when i ping there any of the interfaces - i dont see any packets
flowing to the eth0 or eth1.

I found this using iptraf. So at this stage - all the packets are flowing
through the lo int.

Now my eth0 is connected with another pc's eth0. and eth1 is connected
with eth1 in the same 2nd pc. The diagram is

PC1 (eth0) --------------- (eth0) PC2
PC1 (eth1) --------------- (eth1) PC2

I want to block any traffic flowing through eth0 to eth1 of PC1 unless and
untill they are through the PC2. I mean a packet generated from (eth0)
PC1 will be travelling to (eth0) PC2 and then be forwarded through the
(eth1) PC2 to (eth1) PC1.
Like::

eth0 (PC1) ---> eth0 (PC2) ----> eth1 (PC2) ----> eth1 (PC1)

and vice-versa.

Can this be done ?
Any kind of information is highly appreciable. I need this for a testing
purpose.

Thanks in advance.
 
Old 10-20-2005, 05:09 PM   #2
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
on PC2 :
#iptables -A INPUT -i eth0 -j DNAT --to-destination <your ip adress on PC1/eth1>
#iptables -A INPUT -i eth1 -j DNAT --to-destination <your ip adress on PC1/eth0>

on PC1 :
#iptables -A INPUT -i eth0 -j DNAT --to-destination <your ip adress on PC2/eth1>
#iptables -A INPUT -i eth1 -j DNAT --to-destination <your ip adress on PC2/eth0>

WARNING :
you will flood your network by sending any packet via eth0/eth1 (until TTL expires, and even then the ICPMs will flood your network back).
Because it will go from PC1/eth0 to PC2/eth0 to PC2/eth1 to PC1/eth1 to PC1/eth0 to PC2/eth0... until iptables crashes or drops the packets because DNAT table is full.

Last edited by Agrouf; 10-20-2005 at 05:16 PM.
 
Old 10-20-2005, 05:53 PM   #3
qs_tahmeed
Member
 
Registered: Nov 2003
Location: Bangladesh
Distribution: Solaris 10, FreeBSD 5.4
Posts: 101

Original Poster
Rep: Reputation: 15
Hi!

Thanks for the Help.

It would be some time after I will be on with my test. But thanks really about the flooding.
I didnt think about that.

Few more things, What if I just want the traffic only in one direction. Like eth0 (PC#1) to
eth1 (PC#1) via PC#2. and not in the other way.

Would the DNAT for INPUT chain would only be in the eth0 of PC#2.

Also shoudn't there be any DNAT for the OUTPUT chain in the PC#1?

Thanks.
 
Old 10-20-2005, 06:50 PM   #4
Agrouf
Senior Member
 
Registered: Sep 2005
Location: France
Distribution: LFS
Posts: 1,591

Rep: Reputation: 79
Actually my code doen't work.
You should DNAT on PREROUTING chain on the nat table (DNAT is only available here and on the OUTPUT chain).
The right code should look like that :

on PC2 :
#iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination <your ip adress on PC1/eth1>

sorry about that.

Or maybe the ROUTE target may suit your needs better, but the ip adress won't be translated (test) :
#iptables -A INPUT -i eth0 -j ROUTE --oif eth1

Last edited by Agrouf; 10-20-2005 at 07:05 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Packet Filter to redirect a packet to a user level process akawale Linux - Networking 3 09-01-2006 01:06 PM
how do i read the data in the packet that i have captured after packet capture? gajaykrishnan Programming 23 04-19-2006 06:09 AM
packet fragmentation in packet forwarding code cranium2004 Linux - Networking 0 05-16-2005 05:05 AM
How to change Packet to look like a Windows packet? TimeFade Linux - Networking 10 08-28-2003 09:08 AM
Suggestions for packet sniffer w/ packet viewing? TruckStuff Linux - Networking 5 05-31-2002 10:50 AM


All times are GMT -5. The time now is 10:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration