Re: A weird routing question.



Unruh wrote:
Robert Harris <robert.f.harris@xxxxxxxxxxxxxxxx> writes:

none wrote:
Hi all,


Generally speaking, in an IP network, any IP packet which reaches a node
(workstation, gateway, router...), and whichever the incoming interface,
will either be caught and absorbed by this node if it is the intended
recipient, or redirected for output (IP forwarding) through [another]
interface in respect to the current routing policy.

But I have a weird goal to achieve:

On a linux box 'A' which has interfaces eth0, eth1, eth2, eth3, I would
like to do a special treatment on packets incoming via eth0 and whose
source is <some-network>.

I would like these packets to be unconditionally redirected unmodified for
output via interface eth1.

That is silly, since then they would still have exactly the same packet
headers and address that they had coming in-- ie your box A address on the
wrong network. It, all that can happen is that they get thrown away since
the address cannot be found.

I didn't want to appear so silly; the tricky point here is to set up the
right route on some other node B, on which ethernet segment node A's
eth1 delivers packets, so that node B re-routes packets to their expected
recipient in respect to the following two rules:
- 1) If the recipient is node A, the route WILL NOT involve node A's
eth0 but some other interface of node A.
- 2) Node B will not fear IP spoofing (packets coming back and forth
may appear suspicious).


You seem to be confused as to what an ip packet is ( or maybe I am). It has
a header, saying where it is going and where it came from. It has contents.
You are asking like-- I want all letters coming to my house to be thrown
back into the post box immediately in the same envelope they came in. In
the best circumstance they will get delivered right back to you again. In the
worst they will get thrown away. In no case does this accomplish anything
useful. Perhaps you should tell us what you want to accomplish and we might
be able to tell you how to do not.
That is:
- even if they were targeted (destination IP) at my box 'A', they will
be re-emitted through eth1.

And what is supposed to happen to them then?

They are supposed to join node A again incoming via any interface other
than node A's eth0.


- even if they would have been forwarded through eth2 or eth3, they
will be re-emitted through eth1 too.

No idea what this means.

Assume a classical routing table/policy would have IP-forwarded these
packets through eth2 or eth3 or would have delivered them to the local
processes, I want to alter this policy so that these packets be emitted
(unmodified) through eth1 INSTEAD (and not duplicated).





Any idea to help me reach this goal?


Sincerely,
Le Testeur

You need to read "raw" packets at eth0 and write them to eth1.

"man packet" will get you started. There is also a library "libpcap"
that is used by tcpdump which you may find useful.

I can hardly grasp your directions yet, but I'm heavily working on it
and I thank you for your suggestions.
Though, I would prefer now to resort to such RAW features; I'd prefer
using more constrained and more secured features.



Robert

Thanks a lot.

==> I would like you to read the post I just answered to myself to tell
more to the four people who answered me about the real goal I want to
reach and to demystify my needs.

Thanks to do so.

Sincerely,
Le Testeur
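
The "read raw packets at eth0 and write them to eth1" suggestion from the thread, sketched as an added example that is not code from any of the posters. The interface names come from the question; the network `192.0.2.0/24` stands in for `<some-network>`, and the function names and sample frames are constructed for illustration.

```python
import ipaddress
import socket
import struct

ETH_P_ALL = 0x0003   # every protocol (linux/if_ether.h)
ETH_P_IP = 0x0800    # IPv4 EtherType
NETWORK = ipaddress.ip_network("192.0.2.0/24")  # placeholder for <some-network>

def should_redirect(frame, network=NETWORK):
    """True for an untagged Ethernet/IPv4 frame whose source IP is in network."""
    if len(frame) < 14 + 20:                      # Ethernet + minimal IPv4 header
        return False
    if struct.unpack_from("!H", frame, 12)[0] != ETH_P_IP:
        return False                              # ARP, IPv6, VLAN-tagged, ...
    if frame[14] >> 4 != 4:                       # IP version nibble
        return False
    return ipaddress.IPv4Address(frame[26:30]) in network   # source address field

def build_frame(src, dst, ethertype=ETH_P_IP):
    """Constructed sample frame (zero checksum, no payload) for offline checks."""
    eth = (bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
           + struct.pack("!H", ethertype))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return eth + ip

def relay(in_if="eth0", out_if="eth1", network=NETWORK):
    """Copy matching frames from in_if to out_if unmodified (Linux, CAP_NET_RAW)."""
    rx = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    rx.bind((in_if, 0))
    tx = socket.socket(socket.AF_PACKET, socket.SOCK_RAW)
    tx.bind((out_if, 0))
    while True:
        frame, addr = rx.recvfrom(65535)
        if addr[2] == socket.PACKET_OUTGOING:     # skip frames this host sent itself
            continue
        # The packet socket only receives a copy: the kernel still delivers or
        # forwards the original, and the copy keeps the destination MAC it
        # arrived with, so both points need handling outside this loop.
        if should_redirect(frame, network):
            tx.send(frame)

if __name__ == "__main__":
    relay()
```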