* FWDing packets from a physical interface to a virtual interface
@ 2007-09-11 22:36 Arash Yadegarnia
From: Arash Yadegarnia @ 2007-09-11 22:36 UTC (permalink / raw)
  To: netfilter

Hi, :)

Here is the situation:

I have a machine with 2 NICs; assume eth0 (192.168.0.10) is connected to my
LAN, and eth1 (192.168.0.20) is connected to the Internet through a gateway.
I also have a virtual tap0 (TUN/TAP) interface (10.0.0.1) on this
machine.

All I want to do is simply forward ALL traffic coming to eth0
from the LAN into my tap0 interface, so I can modify it using my own
user space program, which can capture packets on the tap interface and
send them on eth1 to another address somewhere in the world (through
the Internet).

Since I want the IP addresses unchanged, I cannot use NAT or masquerading.
As far as I know, in this case the forwarding should be done at Layer 2, so
I'm not sure if I can use iptables to do the job.
I also tried bridging, but I was trapped in a horrible bridge loop
(enabling STP on the bridge also didn't work for me).

Any ideas? :)

Thanks,
Arash




* Re: FWDing packets from a physical interface to a virtual interface
@ 2007-09-12  1:40 ` Jorge Davila
From: Jorge Davila @ 2007-09-12  1:40 UTC (permalink / raw)
  To: Arash Yadegarnia, netfilter

Arash:

AFAIK, you must open a path in the firewall to the VPN daemon
(port/protocol) and the daemon will be in charge of administering the
traffic between the clients and the VPN server.

Additionally, you must tell the client where the server is (the IP
address) and what device will be used (tun or tap device).

You may want to ask on the mailing list of the vendor/provider of the VPN
software that you are using.


Hope this helps,

Jorge Dávila.

On Wed, 12 Sep 2007 02:06:53 +0330
  Arash Yadegarnia <arash@bluehome.net> wrote:
> Hi, :)
> 
> Here is the situation:
> 
> I have a machine with 2 NICs; assume eth0 (192.168.0.10) is connected to my
> LAN, and eth1 (192.168.0.20) is connected to the Internet through a gateway.
> I also have a virtual tap0 (TUN/TAP) interface (10.0.0.1) on this
> machine.
> 
> All I want to do is simply forward ALL traffic coming to eth0
> from the LAN into my tap0 interface, so I can modify it using my own
> user space program, which can capture packets on the tap interface and
> send them on eth1 to another address somewhere in the world (through
> the Internet).
> 
> Since I want the IP addresses unchanged, I cannot use NAT or masquerading.
> As far as I know, in this case the forwarding should be done at Layer 2, so
> I'm not sure if I can use iptables to do the job.
> I also tried bridging, but I was trapped in a horrible bridge loop
> (enabling STP on the bridge also didn't work for me).
> 
> Any ideas? :)
> 
> Thanks,
> Arash
> 
> 
> 

Jorge Isaac Davila Lopez
Nicaragua Open Source
+505 430 5462
davila@nicaraguaopensource.com



* Re: FWDing packets from a physical interface to a virtual interface
@ 2007-09-12 11:32   ` Arash Yadegarnia
From: Arash Yadegarnia @ 2007-09-12 11:32 UTC (permalink / raw)
  To: Jorge Davila, netfilter

Thanks Jorge,

I'm not using any specific VPN solution. My colleagues and I are
developing a secure VPN solution based on the kernel TUN/TAP driver.
Since we have full control over our tap interface, we just need to
redirect the whole traffic coming into eth0 (from a LAN) into the
tap interface, so we can read it (I mean Ethernet frames at Layer 2)
and send it out from the other physical interface (eth1).
BTW, redirecting a single or even multiple ports won't work in my
situation, because I want the whole traffic at Layer 2, not a specific port
number.

Thanks,
Arash


On Tue, 2007-09-11 at 19:40 -0600, Jorge Davila wrote:
> Arash:
> 
> AFAIK, you must open a path in the firewall to the VPN daemon
> (port/protocol) and the daemon will be in charge of administering the
> traffic between the clients and the VPN server.
> 
> Additionally, you must tell the client where the server is (the IP
> address) and what device will be used (tun or tap device).
> 
> You may want to ask on the mailing list of the vendor/provider of the VPN
> software that you are using.
> 
> 
> Hope this helps,
> 
> Jorge Dávila.
> 
> On Wed, 12 Sep 2007 02:06:53 +0330
>   Arash Yadegarnia <arash@bluehome.net> wrote:
> > Hi, :)
> > 
> > Here is the situation:
> > 
> > I have a machine with 2 NICs; assume eth0 (192.168.0.10) is connected to my
> > LAN, and eth1 (192.168.0.20) is connected to the Internet through a gateway.
> > I also have a virtual tap0 (TUN/TAP) interface (10.0.0.1) on this
> > machine.
> > 
> > All I want to do is simply forward ALL traffic coming to eth0
> > from the LAN into my tap0 interface, so I can modify it using my own
> > user space program, which can capture packets on the tap interface and
> > send them on eth1 to another address somewhere in the world (through
> > the Internet).
> > 
> > Since I want the IP addresses unchanged, I cannot use NAT or masquerading.
> > As far as I know, in this case the forwarding should be done at Layer 2, so
> > I'm not sure if I can use iptables to do the job.
> > I also tried bridging, but I was trapped in a horrible bridge loop
> > (enabling STP on the bridge also didn't work for me).
> > 
> > Any ideas? :)
> > 
> > Thanks,
> > Arash
> > 
> > 
> > 
> 
> Jorge Isaac Davila Lopez
> Nicaragua Open Source
> +505 430 5462
> davila@nicaraguaopensource.com
> 




* Re: FWDing packets from a physical interface to a virtual interface
@ 2007-09-12 11:45     ` Leonardo Rodrigues Magalhães
From: Leonardo Rodrigues Magalhães @ 2007-09-12 11:45 UTC (permalink / raw)
  To: Arash Yadegarnia; +Cc: netfilter




    So maybe you'll have to do some bridging stuff and not
netfilter/iptables ones ....

    iptables/netfilter deals basically with Layer 3 (IP) packets and not
Layer 2 frames, which are the ones you're interested in.

Arash Yadegarnia wrote:
> Thanks Jorge,
>
> I'm not using any specific VPN solution. My colleagues and I are
> developing a secure VPN solution based on the kernel TUN/TAP driver.
> Since we have full control over our tap interface, we just need to
> redirect the whole traffic coming into eth0 (from a LAN) into the
> tap interface, so we can read it (I mean Ethernet frames at Layer 2)
> and send it out from the other physical interface (eth1).
> BTW, redirecting a single or even multiple ports won't work in my
> situation, because I want the whole traffic at Layer 2, not a specific port
> number.
>
> Thanks,
> Arash
>   

-- 


	Sincerely,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	My SPAM trap, do NOT send email to it:
	gertrudes@solutti.com.br






