Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
My computer runs Fedora Core 4. I would like to configure my computer, which has 2 interfaces, to be able to send a data stream out on one interface, pass through a router and come back in on my other interface.
The problem is that the computer begins by parsing the local table (iproute2), sees its own interface directly, and refuses to go via the other interface.
route -n output:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.20.0.0 192.21.0.1 255.255.255.0 UG 0 0 0 eth1
192.20.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.21.0.0 192.20.0.1 255.255.254.0 UG 0 0 0 eth0
192.21.0.0 0.0.0.0 255.255.254.0 U 0 0 0 eth1
When I ping 192.21.0.2 from 192.20.0.2, the ping is direct and it's not what I want.
I would like the ping echo request, and so the response, to pass through the router.
echo request:192.21.0.2->192.21.0.1->192.20.0.1->192.20.0.2
echo response:192.20.0.2->192.20.0.1->192.21.0.1->192.21.0.2
Ping is just an example; I would like this for all data streams.
If eth0 and eth1 shown here are on the same box then a direct response is what you will get, as they are both directly connected networks on the same machine.
AFAIK there is no way to get a system to shut off local requests to an IP address that would still allow it to receive responses to that IP from across a network. In other words, the only way to get the local system to not immediately respond to a local ping request to 192.21.0.2 would also make it not respond to ping requests that come in from the network.
When you request a connection (ping) to an IP address, it doesn't technically originate from one interface, so you are never actually pinging "from 192.20.0.2"; you are pinging from the system that knows it is directly connected to both 192.20.0.2 and 192.21.0.2.
You could do this with a Cisco router by using VRFs, but it seems a completely pointless exercise. Perhaps if you explain what you want to achieve by doing this we might be able to suggest a more sensible method.
Thank you for your answers.
I would like to use ftester, which is composed of a packet injector and a sniffer, on the same computer with 2 interfaces in order to confirm the rules of my firewall.
Thanks....
Why not put a scanner/packet injector on the outside and a sniffer on the inside? It's a much more realistic test than creating an artificial routing scenario which may give you invalid results.
Alternatively you could go to grc.com and use Shields Up!
Why not put a scanner/ packet injector on the outside and a sniffer on the inside?
Because I do this for a company and this is a requirement.
Thank you.
Well tell them it isn't a realistic requirement. Creating an unusual routing scenario simply for the purposes of testing is changing what you are trying to test. The results you get are likely to be invalid for the system as it is when you put it back to normal.
Do you know iproute2?
Maybe it's possible with that, if I configure policy routing?
Quote:
Originally Posted by Darin
AFAIK there is no way to get a system to shut off local requests to an IP address that would still allow it to receive responses to that IP from across a network.
Quote:
Originally Posted by baldy3105
...it isn't a realistic requirement. Creating an unusual routing scenario simply for the purposes of testing is changing what you are trying to test. The results you get are likely to be invalid for the system as it is when you put it back to normal.
In other words, you can't send traffic out onto a network that is destined back at the local machine, and even if you could then testing your firewall from inside the firewall doesn't tell you anything about the security of it from the outside.
That's like testing a deadbolt on the front door of your house...if you can just turn the lever from the inside, does that prove that your house is insecure?
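The lookup order the replies describe (the kernel's `local` table is consulted before `main`, so a destination address that is configured on the box itself is delivered locally and never reaches either wire) can be modelled on the poster's own `route -n` table. This is an added example, not code from the thread; the addresses 192.20.0.2 on eth0 and 192.21.0.2 on eth1 are assumed from the poster's ping description, and the tie-breaking between the duplicate main-table entries is a simplification noted in the comments.

```python
from ipaddress import ip_address, ip_network

# Constructed from the `route -n` output quoted in the thread:
# (destination, gateway or None for directly connected, interface).
MAIN_TABLE = [
    ("192.20.0.0/24", "192.21.0.1", "eth1"),
    ("192.20.0.0/24", None, "eth0"),
    ("192.21.0.0/23", "192.20.0.1", "eth0"),
    ("192.21.0.0/23", None, "eth1"),
]

# Addresses assumed to be configured on the box itself (192.20.0.2 on eth0,
# 192.21.0.2 on eth1). The kernel keeps these in the `local` routing table,
# which the default `ip rule` set consults at priority 0, before `main`
# (32766) and `default` (32767).
LOCAL_ADDRS = {"192.20.0.2": "eth0", "192.21.0.2": "eth1"}


def lookup(dst):
    """Return the route the host would select for dst, or None if unroutable."""
    addr = ip_address(dst)
    # Step 1: local table. A hit here is delivered via the loopback path and
    # never leaves the host, which is why the poster's ping is "direct".
    if str(addr) in LOCAL_ADDRS:
        return {"table": "local", "dev": "lo", "via": None, "prefixlen": 32}
    # Step 2: main table, longest prefix match. On a tie in prefix length this
    # model keeps the first entry in table order; the real kernel's choice among
    # equal-metric duplicates depends on details the thread does not show.
    best = None
    for prefix, gw, dev in MAIN_TABLE:
        net = ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best["prefixlen"]):
            best = {"table": "main", "dev": dev, "via": gw,
                    "prefixlen": net.prefixlen}
    return best


def leaves_host(dst):
    """True only if a packet to dst would actually be transmitted on eth0/eth1."""
    route = lookup(dst)
    return route is not None and route["table"] != "local"


if __name__ == "__main__":
    for target in ("192.21.0.2", "192.21.1.7", "10.9.8.7"):
        print(target, lookup(target), "leaves host:", leaves_host(target))
```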