From: Arash Yadegarnia <arash@bluehome.net>
To: Jorge Davila <davila@nicaraguaopensource.com>,
netfilter@lists.netfilter.org
Subject: Re: FWDing packets from a physical interface to a virtual interface
Date: Wed, 12 Sep 2007 15:02:50 +0330
Message-ID: <1189596770.5995.11.camel@Thinkpad>
In-Reply-To: <web-24515613@bk3.webmaillogin.com>

Thanks Jorge,

I'm not using any specific VPN solution; my colleagues and I are
developing a secure VPN solution based on the kernel TUN/TAP driver.
Since we have full control over our tap interface, we just need to
redirect the whole traffic coming into eth0 (from a LAN) into the
tap interface, so we can read them (I mean Ethernet frames in Layer 2)
and send them out from the other physical interface (eth1).

BTW, redirecting a single or even multiple ports won't work in my
situation, because I want the whole traffic in layer 2, not a specific port
number.

Thanks,
Arash
On Tue, 2007-09-11 at 19:40 -0600, Jorge Davila wrote:
> Arash:
>
> AFAIK, you must open a path in the firewall to the vpn daemon
> (port/protocol) and the daemon will be in charge of administering the
> traffic between the clients and the vpn server.
> Additionally, you must tell the client where the server is (the IP
> address) and what device will be used (tun or tap device).
>
> You may want to ask on the mailing list of the vendor/provider of the VPN
> software that you are using.
>
>
> Hope this helps,
>
> Jorge Dávila.
>
> On Wed, 12 Sep 2007 02:06:53 +0330
> Arash Yadegarnia <arash@bluehome.net> wrote:
> > Hi, :)
> >
> > Here is the situation:
> >
> > I have a machine with 2 NICs, assume eth0 (192.168.0.10) connected to my
> > LAN, and eth1 (192.168.0.20) connected to Internet through a gateway.
> > I also have a virtual tap0 (TUN/TAP) interface (10.0.0.1) on this
> > machine.
> >
> > All that I want to do is simply forward ALL traffic coming to eth0
> > from the LAN into my tap0 interface, so I can modify them using my own
> > user space program which can capture packets on the tap interface and
> > send them on eth1 to another address somewhere in the world (through
> > Internet).
> >
> > Since I want IP addresses unchanged, I cannot use NAT or Masquerading.
> > As far as I know, in this matter forwarding should be done in Layer 2, so
> > I'm not sure if I can use iptables to do the job.
> > I also have tried bridging but I was trapped in a horrible bridge loop
> > (Enabling STP on bridge also didn't work for me).
> >
> > Any ideas? :)
> >
> > Thanks,
> > Arash
> >
> >
> >
>
> Jorge Isaac Davila Lopez
> Nicaragua Open Source
> +505 430 5462
> davila@nicaraguaopensource.com
>