How? Use arp and iptables to communicate duplicate ip device(s)?
I have a computer with two wifi dongles. Each dongle has a separate IP address, ex. wlan0 10.0.0.20 & wlan1 10.0.0.30. Each wifi dongle associates with a separate wireless device, but the wireless devices both have the same ip address for their interface, ex. 10.0.0.1. I know the MAC addresses of each wireless device. How can I "talk" to each wireless device, ex. ping, and reach each separately? I don't have the ability to change the IP address of the wireless devices, their IP address must remain 10.0.0.1.
I need a solution for two separate processes, one for each radio (wlan0, wlan1), which need to dialogue with each radio in parallel.
I thought of putting arp definitions, one for each interface (wlan0, wlan1) with a "fake" ip address and the MAC address. I am assuming this could then be used by the kernel to get the proper MAC address from ARP? Can iptables (NAT) be used to "fix" the fake ip address to the correct ip address, i.e. 10.0.0.20 or 10.0.0.30?
I am not that familiar with Unix networking, so I am struggling. Thanks.
In short, it can't be done because it should be impossible as per the IP standard.
You have two devices with the same IPv4 address (10.0.0.1), on different physical networks. You want to reach one of them with, say, the ping command. How would the computer know which interface to use? Where would it send the ARP request, and why?
You can't fix this with routing, because the destination addresses are the same. You can't fix it with static ARP either, because again, the destination addresses are identical.
This has nothing to do with Unix networking, it's the way TCP/IP works: Routable IP addresses must be unique, or you'll be able to reach only one of the devices (at best).
(Exception: Non-routable link-local addresses in IPv6, but you're not using IPv6.)
Yes, it is not standard per the IP standard. Yes, as you said I have two devices with the same IPv4 address, 10.0.0.1, on different physical networks.
In my application, 1) I know which network interface wlan0, wlan1,... wlanX, has the MAC I want to hit, 2) I know the IP address I want to hit 10.0.0.1. I understand ARP will attempt to give what it found (likely the first response to 10.0.0.1), but I was thinking of adding static ARP table entries with correct MAC address but fake IP address. When I use the fake IP address, with say the ping command, and with some iptables magic, is it impossible to hit the correct segment?
I am sure I can write code to make it happen, I am looking for an easier way.
Quote:
Originally Posted by zepplin
but I was thinking of adding static ARP table entries with correct MAC address but fake IP address. When I use the fake IP address, with say the ping command, and with some iptables magic, is it impossible to hit the correct segment?
You want to use static ARP to tie the MAC address of the wireless device, and then alter the outgoing packet with iptables?
You'd have to modify the packet post-routing (to make sure it exits the right interface). The chains available post-routing are OUTPUT (filter/nat/mangle tables) for locally generated traffic and POSTROUTING (nat/mangle tables) for forwarded packets.
None of the chains in the filter table support any target that alters packet headers, so those are all out. The POSTROUTING or OUTPUT chains in the nat table wouldn't work either, since neither supports the DNAT target. Same goes for the mangle chain; none of the NAT targets are available, and there are no other targets that can alter IP addresses.
Quote:
Originally Posted by zepplin
I am sure I can write code to make it happen, I am looking for an easier way.
The correct way to handle communication with multiple devices that have the same RFC1918 addresses is indeed to use NAT.
You'll have to treat each device as belonging to a separate, private network and place them behind NAT routers. The external interfaces of the routers can then have different addresses, and access to the devices can be accomplished using port forwarding.
Writing a netfilter module to handle this is possible, but ... seriously, I don't think I've ever heard of a more horrifying kludge. A bit like designing a web-based ERP solution in Microsoft Word, only worse.
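The per-device NAT router with port forwarding suggested above, sketched as an added example that is not part of the original posts: it prints the rules for one such router (dry run) unless APPLY=1 is set. The interface names, the 192.0.2.x external addresses and the 8080-to-80 mapping are assumptions; only 10.0.0.1 comes from the thread. Because ping has no ports, echo requests sent to the router's external address are forwarded whole.

```shell
#!/bin/sh
# Added example: rules for ONE NAT router sitting in front of ONE wireless device.
# Assumed names: interface arguments, 192.0.2.x external addresses, port mapping.
# Dry run by default (commands are printed); set APPLY=1 as root to install them.

DEV_IP=10.0.0.1   # fixed device address from the thread; identical behind every router

run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# nat_router_rules EXT_IF EXT_IP INT_IF EXT_PORT DEV_PORT
nat_router_rules() {
    ext_if=$1 ext_ip=$2 int_if=$3 ext_port=$4 dev_port=$5

    run sysctl -w net.ipv4.ip_forward=1
    # Port forward: EXT_IP:EXT_PORT -> 10.0.0.1:DEV_PORT
    run iptables -t nat -A PREROUTING -i "$ext_if" -d "$ext_ip" -p tcp \
        --dport "$ext_port" -j DNAT --to-destination "$DEV_IP:$dev_port"
    # ICMP has no ports: forward echo requests for EXT_IP to the device.
    run iptables -t nat -A PREROUTING -i "$ext_if" -d "$ext_ip" -p icmp \
        --icmp-type echo-request -j DNAT --to-destination "$DEV_IP"
    # Source-NAT toward the device so its replies come back through this router.
    run iptables -t nat -A POSTROUTING -o "$int_if" -d "$DEV_IP" -j MASQUERADE
    # Least privilege: forward only what was mapped above, drop the rest.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$ext_if" -o "$int_if" -d "$DEV_IP" -p tcp \
        --dport "$dev_port" -j ACCEPT
    run iptables -A FORWARD -i "$ext_if" -o "$int_if" -d "$DEV_IP" -p icmp \
        --icmp-type echo-request -j ACCEPT
}

# Each router runs its own copy with its own external address, for example:
#   router A: nat_router_rules eth0 192.0.2.11 wlan0 8080 80
#   router B: nat_router_rules eth0 192.0.2.12 wlan0 8080 80
```

The client then reaches the two devices as 192.0.2.11 and 192.0.2.12, so the duplicate 10.0.0.1 never appears in its own routing or ARP tables.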
You hit on what I was musing regarding separate NAT routers for each device, though I did not know how to express it eloquently. Thank you for your patience with me, this is my first time on this site (or any other).
I've been around a while, so I appreciate your ERP solution joke. What about taking a perfectly good editor, ex. WordPerfect, rewrite it in Java, burn the house down, trying to be cool.
I am going to give this a shot via the ARP NAT port forwarding, etc., scenario to see if I can get it working. This ability to hit multiple wireless devices of the same kind from the same manufacturer, in parallel, is an extension to an application I've already built. This kind of solution is preferable since it is largely record keeping similar to what I am already doing with SSIDs, MACs, and other properties.
Thank you, if something else pops into your head, please share - you've been helpful, I think - though I am not woke enough on this subject to know for sure... BSCS '83 but more of an applications programmer, not a systems/networks programmer.