Gentoo Forums
Routing problem
z40000
n00b


Joined: 05 Jun 2013
Posts: 1

Posted: Wed Jun 05, 2013 8:30 pm    Post subject: Routing problem

I have one PC with two network interfaces connected to two different networks which both use the same range of IP addresses:
eth0 192.168.5.0/24
eth1 192.168.5.0/24
I can't change the IP configuration of any computer in those networks but I still need to be able to connect to any computer accessible over the two interfaces.
Now if for example a program wants to connect to 192.168.5.3 the kernel doesn't know if it wants to talk to 192.168.5.3 on eth0 or to 192.168.5.3 on eth1 which is a different computer.
Is there some easy way to remap one of the networks to a different ip range internally?
So that I can configure the interfaces in this way:
eth0 192.168.5.0/24
eth1 50.0.0.0/24
but every time I ping for example 50.0.0.3 the packet which leaves the computer on eth1 is destined for 192.168.5.3 instead of 50.0.0.3?
Or maybe any other solution?
papahuhn
l33t


Joined: 06 Sep 2004
Posts: 623

Posted: Thu Jun 06, 2013 9:29 pm

Destination NAT won't work per se, as the kernel needs to make routing decisions afterwards anyway. However, you can use policy routing combined with packet mangling by means of owner gid. That's what I do when I want some application to use my VPN instead of my regular default route. The steps for you should be similar to the following:

1) Keep your main routing table "subnet-unique". Use 192.168.5.0/24 dev eth0, remove this route on eth1.
2) Add the same subnet on dev eth1 on a separate routing table: ip route add 192.168.5.0/24 dev eth1 table 1337.
3) Mark packets which are emitted by processes with GID 666: iptables -t mangle -A OUTPUT -m owner --gid-owner 666 -j MARK --set-xmark 666.
4) Add a rule which states that 666-marked packets need to consult routing table 1337 instead of main: ip rule add fwmark 666 table 1337.
5) Enhance your sudo permissions. You need to be able to change GID, e.g. "%wheel ALL=(ALL:ALL) ALL" instead of "%wheel ALL=(ALL) ALL". Use another group or user if you like.
6) Use "ping 192.168.5.123" to go via eth0. Use "sudo -g '#666' ping 192.168.5.123" to go via eth1.
_________________
Death by snoo-snoo!
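
Steps 1 to 4 of the post above collected into one script, as an added example that is not part of the original post. The DRY_RUN switch and the function names are assumptions of this example; by default it only prints the commands.

```shell
#!/bin/sh
# Added example: steps 1-4 of the post as one script, plus a routing check.
# From the post: 192.168.5.0/24, eth1, table 1337, mark and GID 666.
# Assumptions of this example: the DRY_RUN switch and all function names.
NET=192.168.5.0/24
ALT_DEV=eth1
TABLE=1337
MARK=666
GID=666
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands; 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

setup() {
    # 1) main table stays "subnet-unique": drop the eth1 copy of the route
    run ip route del "$NET" dev "$ALT_DEV"
    # 2) same subnet via eth1, but only in the separate table
    run ip route add "$NET" dev "$ALT_DEV" table "$TABLE"
    # 3) mark locally generated packets of processes running with GID 666
    run iptables -t mangle -A OUTPUT -m owner --gid-owner "$GID" -j MARK --set-xmark "$MARK"
    # 4) marked packets consult table 1337 instead of main
    run ip rule add fwmark "$MARK" table "$TABLE"
}

teardown() {
    # Removes what steps 2-4 added; the main-table eth1 route is not restored.
    run ip rule del fwmark "$MARK" table "$TABLE"
    run iptables -t mangle -D OUTPUT -m owner --gid-owner "$GID" -j MARK --set-xmark "$MARK"
    run ip route del "$NET" dev "$ALT_DEV" table "$TABLE"
}

# Extract the output device from "ip route get" output read on stdin.
dev_of() {
    sed -n 's/.* dev \([^ ]*\).*/\1/p'
}

# check <ip> [mark]: which device the routing rules select (read-only).
check() {
    ip route get "$1" ${2:+mark "$2"} | dev_of
}

case "${1:-}" in
    up)    setup ;;
    down)  teardown ;;
    check) check "$2" "${3:-}" ;;
esac
```

Running the script with `check 192.168.5.123 666` asks the kernel which device the fwmark rule selects. It exercises only the rule and table lookup, not the iptables owner match, so the `sudo -g '#666' ping` from step 6 remains the end-to-end test.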
_______0
Guru


Joined: 15 Oct 2012
Posts: 521

Posted: Sat Jun 08, 2013 3:17 pm

papahuhn wrote:
Destination NAT won't work per se, as the kernel needs to make routing decisions afterwards anyway. However, you can use policy routing combined with packet mangling by means of owner gid. That's what I do when I want some application to use my VPN instead of my regular default route. The steps for you should be similar to the following:

1) Keep your main routing table "subnet-unique". Use 192.168.5.0/24 dev eth0, remove this route on eth1.
2) Add the same subnet on dev eth1 on a separate routing table: ip route add 192.168.5.0/24 dev eth1 table 1337.
3) Mark packets which are emitted by processes with GID 666: iptables -t mangle -A OUTPUT -m owner --gid-owner 666 -j MARK --set-xmark 666.
4) Add a rule which states that 666-marked packets need to consult routing table 1337 instead of main: ip rule add fwmark 666 table 1337.
5) Enhance your sudo permissions. You need to be able to change GID, e.g. "%wheel ALL=(ALL:ALL) ALL" instead of "%wheel ALL=(ALL) ALL". Use another group or user if you like.
6) Use "ping 192.168.5.123" to go via eth0. Use "sudo -g '#666' ping 192.168.5.123" to go via eth1.


massive overkill.

setting default route should be enough.
Hu
Moderator


Joined: 06 Mar 2007
Posts: 13498

Posted: Sat Jun 08, 2013 4:26 pm

_______0 wrote:
massive overkill.

setting default route should be enough.
The OP specifically stated that his network layout is totally wrong and will not be fixed. Using a single default route only works if a given IP address is actually unique within the range of systems visible to the host. The OP stated that his network does not satisfy this constraint. I agree that papahuhn's suggestion is rather complex, but since he is compensating for a broken network design, simplicity may be unachievable. If you believe a simpler solution exists, please post the specific commands required to reach a working state.

A solution based on using network namespaces and moving one of the NICs into that namespace would also work, but has its own complexities.
_______0
Guru


Joined: 15 Oct 2012
Posts: 521

Posted: Sat Jun 08, 2013 4:42 pm

Hu wrote:

setting default route should be enough.
The OP specifically stated that his network layout is totally wrong and will not be fixed. Using a single default route only works if a given IP address is actually unique within the range of systems visible to the host. The OP stated that his network does not satisfy this constraint. I agree that papahuhn's suggestion is rather complex, but since he is compensating for a broken network design, simplicity may be unachievable. If you believe a simpler solution exists, please post the specific commands required to reach a working state.

A solution based on using network namespaces and moving one of the NICs into that namespace would also work, but has its own complexities.

Depending on the workflow, many programs can specify IP and interface with options. I don't know the nature of OP's workflow.

The steps involved are looking at programs' man pages and searching for IP and interface switches.

And I don't buy that a network will give the same IP to two interfaces.

This is impossible and contradictory:

Quote:
Now if for example a program wants to connect to 192.168.5.3 the kernel doesn't know if it wants to talk to 192.168.5.3 on eth0 or to 192.168.5.3 on eth1 which is a different computer.


I am not aware that networking is designed this way. The only way for this to show up in "route -an" would be to manually do it.

Moreover, the statement,

Quote:
but every time I ping for example 50.0.0.3 the packet which leaves the computer on eth1 is destined for 192.168.5.3 instead of 50.0.0.3?


implies a default route is set.

Without more details, route tables and other things, it is difficult to give specific commands.
Hu
Moderator


Joined: 06 Mar 2007
Posts: 13498

Posted: Sat Jun 08, 2013 11:28 pm

_______0 wrote:
Depending on the workflow, many programs can specify IP and interface with options. I don't know the nature of OP's workflow.

The steps involved are looking at programs' man pages and searching for IP and interface switches.
True, but we have no reason to believe the OP is using programs designed to deal with this scenario. It is likely that the OP wants a solution that minimizes special handling in the individual programs, so that he can use ping, ssh, Firefox/Chrome, etc. without specifying special options at every step.
_______0 wrote:
And I don't buy that a network will give the same IP to two interfaces.

This is impossible and contradictory:

Quote:
Now if for example a program wants to connect to 192.168.5.3 the kernel doesn't know if it wants to talk to 192.168.5.3 on eth0 or to 192.168.5.3 on eth1 which is a different computer.


I am not aware that networking is designed this way. The only way for this to show up in "route -an" would be to manually do it.
That is not what he said. He said that two different networks were created and given the same IP addresses. If these two networks do not connect to one another, this is possible, and indeed common. How many of the readers of this forum use 192.168.0.N for their internal LAN? None of them interfere with each other, because none have routes to one another. The OP is now in the unusual situation of trying to connect a machine to two such networks simultaneously.