Gentoo Forums
Make a process having a different source IP?
Networking & Security
dj_farid (l33t; Joined: 14 Jun 2004; Posts: 613)
PostPosted: Mon Feb 11, 2008 2:54 pm    Post subject: Make a process having a different source IP?

I run rtorrent locally on my Gentoo firewall. The firewall does NAT for the rest of my private LAN.

I would like rtorrent, and rtorrent only, to look as if it comes from a different IP address on my firewall/router.
I am not sure how to set this up the way I want.

I want to mark every packet that comes out of rtorrent with iptables, so that I can shape the traffic (make it go into a different queue than the rest of the traffic). There is no good way to do this other than binding rtorrent to another IP, that I know of.
I have no control over the source or destination ports for rtorrent, only the port it listens on. So marking packets based on ports is a no-go.
I have tried l7-filter and pp2p for marking, without luck (since rtorrent is running on the local machine, the same one as iptables, l7-filter sees the traffic only one way, which is not enough for the pattern to match).

Can I somehow make it look like traffic to and from rtorrent comes from and goes to some other IP than the public IP that it is on now?
If I could make it that way, I could mark packets based on source ports, and shape the traffic that way.

I was thinking of something like making a fake interface on the router, then binding rtorrent to it somehow.

Any suggestions are welcome.
KWhat (l33t; Joined: 04 Sep 2005; Posts: 660; Location: Los Angeles)
PostPosted: Mon Feb 11, 2008 4:46 pm

Quote:
I would like rtorrent, and rtorrent only to look as if it comes from a different IP address on my firewall/router.


It sounds like you want to set up an IP alias for rtorrent on the firewall box and then bind it to that address (if I understand what you're trying to do).

Hopefully this helps.

Code:

cat /etc/conf.d/net
# This blank configuration will automatically use DHCP for any net.*
# scripts in /etc/init.d.  To create a more complete configuration,
# please review /etc/conf.d/net.example and save your configuration
# in /etc/conf.d/net (this file :]!).

# each extra address in the array becomes an IP alias on eth0
config_eth0=(
        "192.168.0.20 netmask 255.255.255.0 brd 192.168.0.255" # SYSTEM
        "192.168.0.21 netmask 255.255.255.0 brd 192.168.0.255" # HTTP
        "192.168.0.22 netmask 255.255.255.0 brd 192.168.0.255" # NS1
        "192.168.0.23 netmask 255.255.255.0 brd 192.168.0.255" # NS2
)
routes_eth0=( "default gw 192.168.0.1" )
dns_servers_eth0=( "192.168.0.22 192.168.0.23" )
dj_farid (l33t; Joined: 14 Jun 2004; Posts: 613)
PostPosted: Mon Feb 11, 2008 5:42 pm

That sounds like something that might work. Thanks for pointing me in the right direction.

I have two physical interfaces on the machine.
eth0 is on the outside with a public IP, eth1 on the inside with a private IP.
I have to bind rtorrent to the inside interface, eth1, since I don't have a "spare" public IP, right?

If I bind rtorrent to say 192.168.0.20, how does it traverse netfilter?
Does it go through FORWARD, or is it a local thing (OUTPUT and INPUT)?
KWhat (l33t; Joined: 04 Sep 2005; Posts: 660; Location: Los Angeles)
PostPosted: Mon Feb 11, 2008 7:52 pm

Yes, you need to bind to the internal NIC. As far as the NAT and rules are set up, this is going to be highly dependent on your needs. Generally the IP alias should look as though it's just another box on the LAN to the router (private NIC + private IP == LAN traffic). Assuming you're using one of those iptables scripts to generate some rules, they generally allow computers on the LAN to talk to each other, and you would need to set up a forward if you wanted to NAT the rtorrent program to the WAN NIC. You could also set up additional rules by IP address if need be, but again I am kind of guessing at what you're trying to do.
dj_farid (l33t; Joined: 14 Jun 2004; Posts: 613)
PostPosted: Mon Feb 11, 2008 8:27 pm

Thank you very much!

I am quite sure that I managed to do exactly what I wanted.

Code:

# mangle OUTPUT: rtorrent is a local process, so its packets use OUTPUT, not FORWARD
$IPTABLES -t mangle -A OUTPUT -j CONNMARK --restore-mark
# the source is still the alias here; SNAT only happens later, in nat POSTROUTING
$IPTABLES -t mangle -A OUTPUT -o $EXTIF -p tcp --src 192.168.0.200 -j MARK --set-mark 2
$IPTABLES -t mangle -A OUTPUT -o $EXTIF -p udp --src 192.168.0.200 -j MARK --set-mark 2
# store the mark on the conntrack entry so later packets of the same flow get it back
$IPTABLES -t mangle -A OUTPUT -j CONNMARK --save-mark
# filter OUTPUT: let the marked traffic out
$IPTABLES -A OUTPUT -m connmark --mark 2 -j ACCEPT


It seems to work so far. I have to do some more tests to make sure.
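Putting the thread's pieces together, as an added example that is not code from any of the posts above: the IP alias from KWhat's first reply, the CONNMARK/MARK rules from dj_farid's last post, and the tc side that the original question was really about (a separate queue for the marked traffic). The interface names eth0 (public) and eth1 (LAN), the 1000/200 kbit rates, mark value 2 and the HTB layout are assumptions; 192.168.0.200 is the alias address used in the last post. By default the script only prints the commands so they can be reviewed; run it with APPLY=1 as root to apply them.

```shell
#!/bin/sh
# Added example, not code from the thread. Ties together the three pieces
# discussed above: an IP alias on the LAN NIC, CONNMARK/MARK rules in
# mangle OUTPUT, and an HTB class on the WAN NIC selected by that mark.
# Interface names, rates and the mark value are assumptions; 192.168.0.200
# is the alias address from the last post in the thread.
#
# Default is a dry run that only prints the commands. APPLY=1 (as root)
# executes them.

EXTIF=${EXTIF:-eth0}                  # public side, assumed name
INTIF=${INTIF:-eth1}                  # LAN side, assumed name
ALIAS_IP=${ALIAS_IP:-192.168.0.200}   # address rtorrent binds to
MARK=${MARK:-2}
LINK_KBIT=${LINK_KBIT:-1000}          # assumed uplink; set a bit under the real rate
TORRENT_KBIT=${TORRENT_KBIT:-200}     # guaranteed share for the rtorrent class

run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# 1. The alias on the inside NIC (runtime equivalent of an extra entry in
#    config_eth1 in /etc/conf.d/net). rtorrent then binds to it with
#    "bind = 192.168.0.200" in ~/.rtorrent.rc or "rtorrent -b 192.168.0.200".
add_alias() {
    run ip addr add "$ALIAS_IP/24" dev "$INTIF" label "$INTIF:rt"
}

# 2. Marking. rtorrent is a local process, so its packets traverse OUTPUT,
#    never FORWARD. mangle OUTPUT runs before nat POSTROUTING, so the source
#    address is still the alias here; the existing MASQUERADE/SNAT rule on
#    $EXTIF must also match this source or the packets leave unrewritten.
mark_rules() {
    run iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
    for proto in tcp udp; do
        run iptables -t mangle -A OUTPUT -o "$EXTIF" -p "$proto" \
            -s "$ALIAS_IP" -j MARK --set-mark "$MARK"
    done
    run iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
    # Replies arrive via INPUT with the public address already de-NATed.
    # Putting the connection mark back on them costs nothing now and is
    # what ingress shaping (an IFB device) would key on later.
    run iptables -t mangle -A PREROUTING -i "$EXTIF" -j CONNMARK --restore-mark
}

# 3. Egress shaping on the WAN NIC. Everything defaults to class 1:10;
#    packets carrying $MARK are steered into 1:20 by the fw classifier.
shape_rules() {
    run tc qdisc add dev "$EXTIF" root handle 1: htb default 10
    run tc class add dev "$EXTIF" parent 1: classid 1:1 htb \
        rate "${LINK_KBIT}kbit" ceil "${LINK_KBIT}kbit"
    run tc class add dev "$EXTIF" parent 1:1 classid 1:10 htb \
        rate "$((LINK_KBIT - TORRENT_KBIT))kbit" ceil "${LINK_KBIT}kbit" prio 0
    run tc class add dev "$EXTIF" parent 1:1 classid 1:20 htb \
        rate "${TORRENT_KBIT}kbit" ceil "${LINK_KBIT}kbit" prio 1
    run tc filter add dev "$EXTIF" parent 1: protocol ip prio 1 \
        handle "$MARK" fw flowid 1:20
}

# Check: the MARK rule counters and class 1:20 should both move while
# rtorrent is transferring; if only the counters move, the filter is wrong.
show_status() {
    run iptables -t mangle -L OUTPUT -v -n
    run tc -s class show dev "$EXTIF"
}

add_alias
mark_rules
shape_rules
show_status
```

Two things worth checking afterwards: the MASQUERADE/SNAT rule on the external interface has to match the alias as source, otherwise packets leave with a private source address; and `tc -s class show dev eth0` should show bytes accumulating in class 1:20 while rtorrent transfers, which confirms the mark survived from mangle OUTPUT to the qdisc. Inbound traffic is still unshaped until an ingress path (IFB) is added, which is why the script already restores the connection mark in PREROUTING.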
All times are GMT