[SOLVED] modify routing behaviour (multi-NIC) for testing external switch
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
modify routing behaviour (multi-NIC) for testing external switch
I currently try to set up my debian box to test external switch capabilities.
For this reason I've added a 4-port NIC and configured the corresponding interfaces as 192.168.1.[1..4]. All these ports are connected to the external switch to be tested.
I've managed successfully to install the combination xinetd and vsftpd to have the ftp server listen to 192.168.1.1 only.
As client I utilised
With this setup I successfully could transfer the corresponding file, but without meeting my goal to push the data through the external switch.
The kernel routing obviously is intelligent enough to bypass the NIC.
Making use of virtual machines (virtualbox) won't improve the situation since I could not find a way to isolate a network interface for direct access by a dedicated vm.
Any suggestions what else I could/should give a try?
"If at first you don't succeed, give up!"
The box will use the shortest path. You need a second box. Light up a tablet, smartphone, ps2 or raspberry pi and transfer that way. Have you reason to suspect the switch??
No, I don't suspect the switch, I just want to test/compare switch capabilities (throughput, response times and such) and therefore I'll increase the number of used switch ports once the "routing" problem is solved in the simple 2-ports-only case.
I could utilise a second hardware, yes, but then I'd need to buy a set of say raspberrys (see above), so why not try with what is there already?
Then you can use point to point networks, and stick a route 1921.168.0.1<------->192.168.110.2, and vice versa. Then you could send to 192.168.110.2 via 192.168.0.1 and fetch via 192.168.0.2 but that gets messy in the extreme.
If the switch doesn't have that much intelligence, I believe you are snookered without a second box.
If the switch doesn't have that much intelligence, I believe you are snookered without a second box.
No, it's a dumb one.
I've just thought about setting up chroot environments, but I am not sure wether it is possible to fire up interfaces exclusively within a chroot environment: Routing is a kernel task and the kernel is the same for all chroot environments - at least that's my current understanding.
I've been struggeling a bit when "scaling" from a simple point-to-point to the more complex n-to-n scenario that I had in mind.
In general each pairing needs it's own ruleset, but my fault was to introduce virtual interfaces with dedicated IPs for each pairing.
Finally I kicked out the virtual interfaces and simplified the rule sets.
Here is what I do now:
Code:
# give each NIC its own subnet
ifconfig eth<i> 10.50.<i>.1/24
# rewrite each pairing's source ip to the external "dummy" subnet (outgoing, after routing has been done)
# don't forget to swap <s> and <t> to make the return pairing visible
iptables -t nat -A POSTROUTING -s 10.50.<s>.1 -d 10.60.<s><t>.1 -j SNAT --to-source 10.60.<t><s>.1
# rewrite each pairing's destination (external "dummy" subnet) ip to the "real" NIC ip (incoming, before routing is beeing done)
# the <s> portion is no longer needed
iptables -t nat -A PREROUTING -d 10.60.<s><t>.1 -j DNAT --to-destination 10.50.<t>.1
# tell the kernel how to reach the external "dummy" subnet for each pairing
ip route add 10.60.<s><t>.1 dev eth<s>
# pre-populate arp table with the corresponding NIC's MAC adresses
arp -i eth<s> -s 10.60.<s><t>.1 <MAC of target>
By using placeholders in the above "code" the rule how to scale this becomes easier to see:
<i>, <s> (source) and <t> (target) are the interface numbers (eth1 -> "1") that are to be included. The numbers must be in the range of [1..9], otherwise the 3rd triple could explode ;-) (If required one could perhaps split the <s> and <t> portions into the 2nd and 3rd triple.)
Thanks again for the good link. Maybe someone will find my upscaled version helpful.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.