| View previous topic :: View next topic |
| Author |
Message |
tomee
n00b
Joined: 05 Sep 2006
Posts: 38
Location: Poland
|
 Posted: Fri Oct 20, 2006 5:51 pm Post subject: Routing traffic through a virtual interface |
 |
|
Hi,
I would like some of my traffic to be routed through a virtual interface with a separate IP, i.e. I have lan0 with IP 10.0.0.1 and wan0 with IP x.x.x.x, and would like some traffic routed through 10.0.0.1 to a virtual interface with IP, say, 10.0.0.2, and from there to wan0.
I'd like the interface to accept iptables rules and the address to show up in traceroute.
What would be the simplest way of achieving this?
Thanks,
T. |
|
| Back to top |
|
 |
thepustule
Apprentice
Joined: 22 Feb 2004
Posts: 212
Location: Toronto, Canada
|
| Posted: Fri Oct 20, 2006 8:08 pm Post subject: |
|
|
whoa - sounds quite funky.
It looks like you're trying to get one router to act like two hops. That's going to be tough unless you run some kind of virtual machine (bochs, uml, xen, vmware, etc) and then route through the virtual host.
... not even going to ask WHY you'd want to do this... |
|
| Back to top |
|
|
tomee
n00b
Joined: 05 Sep 2006
Posts: 38
Location: Poland
|
| Posted: Fri Oct 20, 2006 9:11 pm Post subject: |
|
|
Really, is it THAT complicated?
I was thinking about VLAN/IMQ and ipt_ROUTE.ko, but can't seem to get it to work... |
|
| Back to top |
|
|
Malvineous
Apprentice
Joined: 20 Oct 2006
Posts: 281
Location: Brisbane, Australia
|
| Posted: Sat Oct 21, 2006 12:09 am Post subject: |
|
|
Assuming I understand you correctly, you should be able to create a second interface on the same PC with the other IP address:
| Code: | | ifconfig lan0:1 10.0.0.2 |
Then you'd probably have to set up some iptables rules to allow routing from 10.0.0.2 to wan0:
| Code: | iptables -A FORWARD -i lan0:1 -o wlan0 -j ACCEPT
# Plus other rules to allow return traffic
|
Then you could route specific networks or IP addresses through your new "virtual router":
| Code: | route add -host 1.2.3.4 gw 10.0.0.2
route add -net 192.168.1.0/24 gw 10.0.0.2 |
You can then use iptables rules as normal, just remember to apply them to the lan0:1 interface instead.
Hmm...except the only problem with this is that say you send a packet to 192.168.1.1, the kernel will see that it should send the packet to the gateway at 10.0.0.2 which is fine, but once it arrives at that virtual interface the kernel will need to decide where to send it next - and of course it uses the same routing tables so it will try to send the packet to 10.0.0.2 again, and again, and again...
I don't know if there's a way to make certain routing rules only apply for packets arriving on different interfaces. I suspect not. It may be possible to use an iptables rule to mangle the packets arriving on 10.0.0.2 to change the gateway address to the wan0 IP, but beyond that I think thepustule was right, you'll have to use a virtual machine for this (at any rate it would be much less error prone!) |
|
| Back to top |
|
|
imanassypov
Tux's lil' helper
Joined: 08 Dec 2005
Posts: 118
Location: Toronto, Canada
|
| Posted: Tue Oct 24, 2006 1:41 pm Post subject: |
|
|
The question does not make any sense. From your question it follows that your lan vlan essentially overlays wan? Why would you want to do that?
If you need a routing gateway, just put another nic on your box and enable ip forwarding, add some static routes and you are done.
If, on the other hand, it is an inter-vlan routing gateway for your lan then you can create an alias on the interface, potentially NAT and static routes to point to your alias. If you need iptables in this case, then just reference it to ip addresses rather than interface names.
-ig
_________________
I.M. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
