LinuxQuestions.org
Old 04-18-2014, 01:09 PM   #1
Seemoi
LQ Newbie
 
Registered: Feb 2009
Posts: 29

Rep: Reputation: 1
Force traffic to different subnet on same eth0 - iptables 10.0.0.4 to 10.29.70.4


Hello.

I'm connected via ssh : 10.0.0.4

I need to run $ sudo apt-get update on 10.0.0.4,
have the traffic redirected to 10.29.70.4

Can I do this as root via iptables while on 10.0.0.4 ?

Thank you.
 
Old 04-19-2014, 08:01 AM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,149

Rep: Reputation: 1264
I'm easily confused, so pardon the stupid question. Are 10.0.0.4 and 10.29.70.4 two different ports on the same machine? Obviously, only the machine running apt-get will understand the traffic resulting from the command.
 
Old 04-19-2014, 01:46 PM   #3
Seemoi
LQ Newbie
 
Registered: Feb 2009
Posts: 29

Original Poster
Rep: Reputation: 1
Sorry, I'll be more detailed...

Machine 1 (Client)= 10.0.0.2 # Client

Machine 2 (Ssh Server) = 10.0.0.4 # No Internet access, ssh server
Machine 2 (inactive connection) 10.29.70.4 # Internet access when up, no ssh server

Machine 3 (apt-cacher-ng Server) 10.29.70.10

1. Connect from 10.0.0.2 via ssh -p 2222 machine2@10.0.0.4

Problem: Once connected to Machine 2 (10.0.0.4), I can't run $ apt-get update
because there is no internet. If I was connected to 10.29.70.4, I would
do $ apt-get update (traffic is proxied to machine 3 10.29.70.10:3142)
I can't switch to the internet 10.29.70.4, it will cut my ssh connection.

I'd like to reroute traffic...
Outbound 10.0.0.4 > to apt-cacher-ng 10.29.70.10 port 3142

There are so many combinations, not sure which is most appropriate.
Virtual Interface, static route, Bridge, Ssh vpn, iptables

Thank you.

Last edited by Seemoi; 04-19-2014 at 02:18 PM.
 
Old 04-19-2014, 04:28 PM   #4
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: Fedora
Posts: 4,149

Rep: Reputation: 1264
If 10.0.x.x is a private LAN with no internet access, and 10.29.70.4 can get to the internet via 10.29.70.10, then you should be able to enable both ports and have a route table something like this:

Code:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.29.70.10     0.0.0.0         UG    0      0        0 eth1
10.29.70.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.0.0.0        0.0.0.0         255.255.0.0     U     0      0        0 eth0

Last edited by smallpond; 04-19-2014 at 04:29 PM.
 
Old 04-19-2014, 11:13 PM   #5
Seemoi
LQ Newbie
 
Registered: Feb 2009
Posts: 29

Original Poster
Rep: Reputation: 1
Thanks smallpond.


I cannot enable the 10.29.70.4 while connected to 10.0.0.4 via ssh, it will cut the ssh connection,
there is a script in place that "service ssh stop" when 10.29.70.4 is enabled.

The gnome-network-manager is up and running.

I have experimented and achieved a result, not sure if it's the best way...

1. After ssh into 10.0.0.4, as root: $ ifconfig eth0:1 10.28.70.66 netmask 255.255.255.0 up

$ netstat -anr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.28.70.0      0.0.0.0         255.255.255.0   U         0 0          0 eth

2. apt-cacher-ng is using this in the /etc/apt/apt.conf: Acquire::http { Proxy "http://10.28.70.10:3142"; };

3. apt-get update # Success yeah !
eth0:1 as 10.28.70.66 connects to apt-cacher-ng server 10.28.70.10

I'm not sure why this works, it didn't fit into any tutorial I researched but it's working for now.
I was doing this but apparently it wasn't needed;
$ route add -host 10.28.70.10 gw 10.28.70.1 eth0:1

4. When done, delete the route for 10.28.70.0

There is only one physical interface for each machine.

Last edited by Seemoi; 04-20-2014 at 01:46 AM.
 
Old 04-25-2014, 08:34 AM   #6
Seemoi
LQ Newbie
 
Registered: Feb 2009
Posts: 29

Original Poster
Rep: Reputation: 1
OK...

Final result, the 'only' change needed was;

1. $ ifconfig eth0:1 10.28.70.66 netmask 255.255.255.0 up
2. Edit /etc/apt/apt.conf
Acquire::http { Proxy "http://10.28.70.10:3142"; };

Routing not necessary.

Cheers !

[SOLVED]
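
Why the alias alone was enough, as an added example that is not part of the original thread: bringing up eth0:1 installs a connected route for 10.28.70.0/24, and longest-prefix match then sends traffic for the proxy straight out of eth0 instead of to the default gateway. The "before" table is constructed, and the interface name on the last row of the "after" table is an assumption, since the posted output is cut off there.

```python
import ipaddress

# Routing tables in `netstat -rn` layout. BEFORE is constructed; AFTER copies the
# table posted in the thread, with the cut-off interface on the last row assumed
# to be eth0 (the device carrying the eth0:1 alias).
BEFORE = """\
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
"""
AFTER = BEFORE + "10.28.70.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0\n"


def parse_routes(text):
    """Turn netstat -rn rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines()[1:]:      # skip the column header
        f = line.split()
        if len(f) < 8:
            continue
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        gw = ipaddress.ip_address(f[1])
        routes.append((net, gw, f[7]))
    return routes


def lookup(routes, dest):
    """Longest-prefix match, as the kernel does for an outgoing packet."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    # Gateway 0.0.0.0 means on-link: the host ARPs for the destination itself.
    next_hop = "on-link" if gw.is_unspecified else str(gw)
    return str(net), next_hop, iface


if __name__ == "__main__":
    proxy = "10.28.70.10"  # apt-cacher-ng address from /etc/apt/apt.conf in the thread
    for name, table in (("before alias", BEFORE), ("after alias", AFTER)):
        print(name, "->", lookup(parse_routes(table), proxy))
```

The ssh client at 10.0.0.2 still resolves through the 10.0.0.0/24 connected route in both tables, which is why the session stays up while the alias is added.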
 
  

