hello all,
i have a linux machine with two ethernet cards and i have to forward the packets that are received on one NIC to the other NIC at the kernel level....
Can this be done...
I had tried it by modifying the ethernet header information of the packet by using the hard_header() function of net_device structure. I have intercepted the packets at the IP layer of the network stack with netfilter. I had used the function but the packet is not forwarded. I want to know the exact location of the implementation of the hard_header()in the kernel. If anyone knows more info kindly provide me with them
Is there any other way of doing it in the kernel stack
I thank the ideas in advance


madhavan

Do you want something like a transparent firewall?
http://www.securityfocus.com/infocus/1737

http://linux-net.osdl.org/index.php/Bridge

I dont know about hard_header() but I'm pretty sure you can do what you want just by using iptables - which i think controls netfilter. Just add rules to the input output and forward chains.

Your original message doesn't indicate what you are trying to accomplish.
Routing packets between interfaces based on what?

Is each interface connected to a different subnet, or are you wanting to perform NAT translation, or do you want to install a bridge or use your computer as a switch, or as a router w/IDS protection.

A bridge or switch will will work at a different layer, using the MAC address of connected hosts. A netfilter based firewall will normally base its rules on the IP addresses of the hosts. As Soup mentioned, the ip_tables command is used to interface with netfilter in kernel.

hi jschiwal,
the ethernet cards are connected two different sub networks.
eth0 is connected to the class B domain subnetwork
eth1 is connected to the class A domain subnetwork
what i need to do is
every packet that is received on the eth0 must be directed to the eth1 and vice versa. the important thing is that the packet contents should not be modified by the linux network stack
suggest a way of doing it friends
madhavan

You could simply have everything plugged into a hub.

If you want certain traffic routed, the routing table is usually set up for you when you set up the IP and netmasks on the two NICs. If your Linux host is what connects these two subnets (a gateway), then the address of your respective NIC card will need to be entered as the default gateway for other hosts. If you want your linux host to be a bridge, you will need to set up and configure a bridge device. A bridge works by looking at the MAC addresses.

It almost sounds as if you don't want to use subnetting to begin with.
The purpose of subnetting is to segregate the network. A gateway will go further and reduce traffic on the wire (important with hubs) and prevent traffic from unauthorized hosts from passing through.

There is a book titled "The Network Administration Guide", referred to as the NAG guide, available online at www.tldp.org.
Also, the man pages for "route" "ip" and "iptables" may be helpful.

Thanks everyone,
i will try using the hub.
madhavan