<quote>
With a rule like the above, does the destination MAC address change to that of the PC with IP address 192.168.10.3 from that of the PC that is performing the forwarding (i.e. the PC in which this rule is found)?
</quote>
The destination MAC address does not travel with the packet because that belongs to Layer 2. The MAC address is going to be retrieved after the packet enters your network. If you do that inside of your network, the computer forwarding the packet will broadcast again (or retrieve from its ARP table) the MAC address of 192.168.10.3.
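The layer-2 rewrite described in the reply above, as an added example that is not part of the original thread: a forwarder keeps the IP addresses, decrements the TTL, and builds a new Ethernet header from its ARP table. The MAC addresses, the sender IP 10.0.0.5, and the one-entry routing and ARP tables are constructed sample values.

```python
import ipaddress
import struct

# Constructed sample data (assumptions; only 192.168.10.3 comes from the thread).
ROUTER_MAC = {"eth0": bytes.fromhex("020000000001")}          # forwarder's NIC
ARP_TABLE = {"192.168.10.3": bytes.fromhex("020000000003")}   # neighbour IP -> MAC
ROUTES = [(ipaddress.ip_network("192.168.10.0/24"), "eth0")]  # prefix -> out interface


def ip_checksum(header):
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(dst_mac, src_mac, src_ip, dst_ip, ttl=64, payload=b"ping"):
    """Build an Ethernet II frame carrying a minimal IPv4 packet (protocol 1 = ICMP)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, 1, 0,
                      ipaddress.ip_address(src_ip).packed,
                      ipaddress.ip_address(dst_ip).packed)
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return dst_mac + src_mac + b"\x08\x00" + hdr + payload


def forward(frame):
    """Return (out_interface, new_frame) the way a layer-3 forwarder would."""
    ip = bytearray(frame[14:])                      # strip the old Ethernet header
    dst_ip = ipaddress.ip_address(bytes(ip[16:20]))
    # The routing table picks the outgoing interface: longest matching prefix wins.
    _, out_if = max((r for r in ROUTES if dst_ip in r[0]),
                    key=lambda r: r[0].prefixlen)
    ip[8] -= 1                                      # decrement TTL
    ip[10:12] = b"\x00\x00"                         # zero checksum before recomputing
    ip[10:12] = struct.pack("!H", ip_checksum(bytes(ip[:20])))
    # New layer-2 header: destination MAC from ARP, source MAC of the outgoing NIC.
    return out_if, ARP_TABLE[str(dst_ip)] + ROUTER_MAC[out_if] + frame[12:14] + bytes(ip)


if __name__ == "__main__":
    sender = bytes.fromhex("020000000002")          # constructed sender MAC
    before = build_frame(ROUTER_MAC["eth0"], sender, "10.0.0.5", "192.168.10.3")
    out_if, after = forward(before)
    print(out_if, "dst MAC", before[:6].hex(":"), "->", after[:6].hex(":"))
```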
With a rule like the above, does the destination MAC address change to that of the PC with IP address 192.168.10.3 from that of the PC that is performing the forwarding (i.e. the PC in which this rule is found)?
regards,
Visham
Plus, the rule is not correct: you have `-i eth0 -o eth0`; it must have the other interface that you are forwarding to, like `-i eth0 -o eth1`.
<quote>
Plus, the rule is not correct: you have `-i eth0 -o eth0`; it must have the other interface that you are forwarding to, like `-i eth0 -o eth1`.
</quote>
The rule I wrote is correct. You can receive and transmit on the same interface because we use 2 pairs of receive & transmit lines in a NIC. So `-i eth0 -o eth0` stands.
I have a PC to which I send traffic. Depending on the src and dst IP addresses, it forwards the traffic. I enabled IP forwarding on the PC and I have the above iptables rule doing the forwarding. Basically, the problem that I face is that when I have two NICs active in that PC, ICMP traffic is forwarded, but it does not go out of the same interface on which it was received but rather from the other NIC, which is not what I want. It's like the traffic is received on eth0, forwarded to eth1 and then out through eth1. It should normally have been received on eth0 and out through eth0 itself.
When I disable one of the NICs, ICMP traffic is no longer forwarded. Actually, the rule should work even when you have only one NIC.
If anyone knows what I'm doing wrong, or actually not doing, please let me know.
Thx again..
Warm regards,
Visham
I stand corrected. With what I know about the forwarding rule, it must forward the packet to the next interface; that is what the forwarding chain is designed to do. I am curious as to why you want the ICMP packet to go in and out of the same device.
"I am curious as to why you want the ICMP packet to go in and out of the same device."
Well, I have only one NIC ;-) The PC does some processing on incoming traffic and then redirects it out of the same interface for its final destination. That's all.
One thing though: I once asked the guys from the netfilter mailing list. They told me that the rule was good.