Hi,
I have an external IP address on my machine on the eth0 interface, 172.16.81.155.
I have created a dummy interface eth0:2 and assigned 173.1.1.2.
I run a server application by opening a socket binding to 173.1.1.2.
I set up iptables rules as below:
Quote:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 49155 -j DNAT --to-destination 173.1.1.2
iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 49155 -d 173.1.1.2 -j SNAT --to-source 170.1.1.2
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d 173.1.1.2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s 173.1.1.2 -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 8 -s 173.1.1.2 -d 0/0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0 -s 0/0 -d 173.1.1.2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t raw -I PREROUTING -d 173.1.1.2 -j DROP
Now from another PC, which has an IP address of 172.16.81.13, I run a client program to connect to the 172.16.81.155 IP.
The above works fine.
I remove this dummy eth0:2 interface and replace it with a VLAN interface eth0.2 using the commands below:
Quote:
ip link add link eth0 name eth0.2 type vlan id 2
ip link
ip -d link show eth0.2
ip link set dev eth0.2 up
sleep 1
ifconfig eth0.2 173.1.1.2 up
And on the peer end I create a VLAN with ID 2.
Then if I run the server and client programs, it doesn't work.
tcpdump:
You should explain plainly what you're trying to accomplish, rather than just posting excerpts from your firewall ruleset and expecting us to figure out how it's supposed to work.
I noticed one thing though: Your ruleset contains two rules explicitly referencing the interface "eth0". Those rules will be applied to any aliases as well, such as "eth0:2", as aliases are just a (deprecated) way of adding multiple IP addresses to the same interface. They will however NOT be applied to interfaces such as "eth0.2", as a VLAN interface is a Layer 2 interface in its own right.
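The interface-matching point in the reply above, as an added example that is not part of the original thread: a small audit script that lists which of the posted nat/raw rules can apply to traffic on a given interface. The helper names `iface_matches` and `rules_for_iface` and the `RULES` variable are hypothetical; the rule text is copied from the first post as constructed input.

```shell
#!/bin/sh
# Added example (helper names are hypothetical, not from the thread).
# iptables compares -i/-o names as strings; a trailing "+" is a prefix wildcard.
# An alias label (eth0:2) is not a device of its own: its packets are seen on eth0.
# A VLAN device (eth0.2) is its own device, so "-i eth0" does not cover it.

# Constructed input: the nat and raw rules quoted in the first post.
RULES='-t nat -A PREROUTING -i eth0 -p tcp --dport 49155 -j DNAT --to-destination 173.1.1.2
-t nat -A POSTROUTING -o eth0 -p tcp --dport 49155 -d 173.1.1.2 -j SNAT --to-source 170.1.1.2
-t raw -I PREROUTING -d 173.1.1.2 -j DROP'

# iface_matches PATTERN DEVICE: succeed if an -i/-o PATTERN covers DEVICE.
iface_matches() {
    case "$1" in
        *+) prefix=${1%+}
            case "$2" in "$prefix"*) return 0 ;; esac
            return 1 ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# rules_for_iface NAME: print the rules in $RULES that can apply to traffic on NAME.
# Rules without -i/-o apply to every interface. Negated matches ("! -i") are not handled.
rules_for_iface() {
    dev=${1%%:*}                      # alias label eth0:2 -> device eth0
    printf '%s\n' "$RULES" | while IFS= read -r rule; do
        pat=
        set -f                        # no globbing while splitting the rule
        set -- $rule
        while [ $# -gt 0 ]; do
            case "$1" in
                -i|-o|--in-interface|--out-interface)
                    pat=${2:-}; [ $# -gt 1 ] && shift ;;
            esac
            shift
        done
        if [ -z "$pat" ] || iface_matches "$pat" "$dev"; then
            printf '%s\n' "$rule"
        fi
    done
}

for ifc in eth0:2 eth0.2; do
    echo "== rules that can apply on $ifc"
    rules_for_iface "$ifc"
done
```

For eth0:2 all three rules are listed; for eth0.2 only the interface-less raw DROP rule remains, so the DNAT and SNAT rules no longer see the VLAN traffic. A pattern of `eth0+` would cover both eth0 and eth0.2.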
Thanks for your reply. Sorry, I had not included what the objective is:
1. Have one physical interface eth0 on a target, with 172.16.81.155 as the IP address to communicate with other nodes (for untagged normal traffic processing).
2. Have to run a socket server on top of the VLAN interface (tagged packets). I had created the eth0.2 interface for this purpose (173.1.1.2).
3. On the peer side, it will have an IP address of 172.16.81.13. A client will be running on the VLAN interface and try connecting to 172.16.81.155 as the server IP.
In plain terms, on a single physical interface and a single IP address I should be able to have VLAN and normal traffic, but VLAN traffic should land on a different interface/IP address so that I can run my custom server applications.
Please surround any terminal output with "code" tags which become available when you click the "Advanced" button beneath the compose/edit post window. It makes terminal output much easier to read.
And please tell us what you are trying to accomplish. Context matters.
1. Have one physical interface eth0 on a target, with 172.16.81.155 as the IP address to communicate with other nodes (for untagged normal traffic processing).
2. Have to run a socket server on top of the VLAN interface (tagged packets). I had created the eth0.2 interface for this purpose (173.1.1.2).
3. On the peer side, it will have an IP address of 172.16.81.13 (VLAN interface). A client will be running on the VLAN interface and try connecting to 172.16.81.155 as the server IP.
In plain terms, on a single physical interface and a single IP address (visible outside) I should be able to have VLAN and normal traffic, but VLAN traffic should land on a different IP address so that I can run my custom server applications by binding to that VLAN interface.
From the tcpdump already quoted, it is clear that when 172.16.81.13 is trying to open the socket communication it is indeed sending a VLAN-tagged packet. However, when 172.16.81.155 is replying back it is sending an untagged packet with the RST flag set.