
Thread: FWDing packets from a physical interface to a virtual interface




FWDing packets from a physical interface to a virtual interface
Iran, Islamic Republic of
2007-09-11 17:36:53
Hi,

Here is the situation:

I have a machine with 2 NICs, assume eth0 (192.168.0.10) connected to my LAN, and eth1 (192.168.0.20) connected to the Internet through a gateway. I also have a virtual tap0 (TUN/TAP) interface (10.0.0.1) on this machine.

All that I want to do is simply forward ALL traffic coming to eth0 from the LAN into my tap0 interface, so I can modify them using my own user space program, which can capture packets on the tap interface and send them on eth1 to another address somewhere in the world (through the Internet).

Since I want IP addresses unchanged, I cannot use NAT or masquerading. As far as I know, in this matter forwarding should be done in Layer 2, so I'm not sure if I can use iptables to do the job. I have also tried bridging, but I was trapped in a horrible bridge loop (enabling STP on the bridge also didn't work for me).

Any ideas?

Thanks,
Arash



Re: FWDing packets from a physical interface to a virtual interface
Nicaragua
2007-09-11 20:40:15
Arash:

AFAIK, you must open a path in the firewall to the VPN daemon (port/protocol) and the daemon will be in charge of administering the traffic between the clients and the VPN server.

Additionally, you must tell the client where the server is (the IP address) and what device will be used (tun or tap device).

You may want to ask on the mailing list of the vendor/provider of the VPN software that you are using.

Hope this helps,

Jorge Dávila.

On Wed, 12 Sep 2007 02:06:53 +0330
  Arash Yadegarnia <arashbluehome.net> wrote:
> Hi,
>
> Here is the situation:
>
> I have a machine with 2 NICs, assume eth0 (192.168.0.10) connected to my
> LAN, and eth1 (192.168.0.20) connected to Internet through a gateway.
> I also, have a virtual tap0 (TUN/TAP) interface (10.0.0.1) on this
> machine.
>
> All that I want to do is simply, forwarding ALL traffic coming to eth0
> from the LAN, into my tap0 interface, So I can modify them using my own
> user space program which can capture packets on the tap interface and
> send them on eth1 to another address somewhere in the world (through
> Internet).
>
> Since I want IP addresses unchanged, I cannot use NAT or Masquerading.
> As far as I know, In this matter forwarding should be done in Layer-2 so
> I'm not sure if I can use iptables to do the job.
> I also have tried bridging but I was trapped in a horrible bridge loop
> (Enabling STP on bridge also didn't work for me).
>
> Any ideas?
>
> Thanks,
> Arash

Jorge Isaac Davila Lopez
Nicaragua Open Source
+505 430 5462
davilanicaraguaopensource.com


Re: FWDing packets from a physical interface to a virtual interface
Iran, Islamic Republic of
2007-09-12 06:32:50
Thanks Jorge,

I'm not using any specific VPN solution; my colleagues and I are developing a secure VPN solution based on the kernel TUN/TAP driver. Since we have full control over our tap interface, we just need to redirect the whole traffic coming into eth0 (from a LAN) into the tap interface, so we can read them (I mean Ethernet frames in Layer 2) and send them out from the other physical interface (eth1).

BTW, redirecting a single or even multiple ports won't work in my situation, because I want the whole traffic in layer 2, not a specific port number.

Thanks,
Arash


On Tue, 2007-09-11 at 19:40 -0600, Jorge Davila wrote:
> Arash:
>
> AFAIK, you must open a path in the firewall to the vpn daemon
> (port/protocol) and the daemon will be in charge of administering the
> traffic between the clients and the vpn server.
>
> Additionally, you must tell to the client where is the server (the ip
> address), what device will be used (tun or tap device).
>
> May you want ask in the mailing list for the vendor/provider of the vpn
> software that you are using.
>
>
> Hope this helps,
>
> Jorge Dávila.
>
> On Wed, 12 Sep 2007 02:06:53 +0330
>   Arash Yadegarnia <arashbluehome.net> wrote:
> > Hi,
> >
> > Here is the situation:
> >
> > I have a machine with 2 NICs, assume eth0 (192.168.0.10) connected to my
> > LAN, and eth1 (192.168.0.20) connected to Internet through a gateway.
> > I also, have a virtual tap0 (TUN/TAP) interface (10.0.0.1) on this
> > machine.
> >
> > All that I want to do is simply, forwarding ALL traffic coming to eth0
> > from the LAN, into my tap0 interface, So I can modify them using my own
> > user space program which can capture packets on the tap interface and
> > send them on eth1 to another address somewhere in the world (through
> > Internet).
> >
> > Since I want IP addresses unchanged, I cannot use NAT or Masquerading.
> > As far as I know, In this matter forwarding should be done in Layer-2 so
> > I'm not sure if I can use iptables to do the job.
> > I also have tried bridging but I was trapped in a horrible bridge loop
> > (Enabling STP on bridge also didn't work for me).
> >
> > Any ideas?
> >
> > Thanks,
> > Arash
> >
>
> Jorge Isaac Davila Lopez
> Nicaragua Open Source
> +505 430 5462
> davilanicaraguaopensource.com
> 
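
An added example, not part of the original thread or any poster's code: a minimal user-space reader for the kind of program described in the message above, attaching to a tap interface with `IFF_TAP | IFF_NO_PI` so each `read()` returns one raw Ethernet frame, then parsing the layer-2 header with length checks. The interface name `tap0` comes from the thread; the function names and the sample frame are constructed for illustration.

```python
import fcntl
import os
import struct

# Constants from <linux/if_tun.h>
TUNSETIFF = 0x400454CA
IFF_TAP = 0x0002     # layer-2 device: read() yields whole Ethernet frames
IFF_NO_PI = 0x1000   # no 4-byte packet-info prefix in front of each frame

ETH_HDR = struct.Struct("!6s6sH")  # dst MAC, src MAC, EtherType
ETH_P_8021Q = 0x8100

# Constructed sample: broadcast ARP frame with a zeroed 28-byte body.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)


def open_tap(name="tap0"):
    """Attach to (or create) a tap interface; needs CAP_NET_ADMIN or ownership."""
    fd = os.open("/dev/net/tun", os.O_RDWR)
    try:
        # struct ifreq: 16-byte name, 2-byte flags, padding up to 40 bytes
        ifr = struct.pack("16sH22x", name.encode(), IFF_TAP | IFF_NO_PI)
        fcntl.ioctl(fd, TUNSETIFF, ifr)
    except OSError:
        os.close(fd)
        raise
    return fd


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame):
    """Return (dst, src, ethertype, vlan_id, payload), or None if truncated."""
    if len(frame) < ETH_HDR.size:
        return None
    dst, src, etype = ETH_HDR.unpack_from(frame)
    offset, vlan = ETH_HDR.size, None
    if etype == ETH_P_8021Q:           # 802.1Q tag: real EtherType follows the TCI
        if len(frame) < offset + 4:
            return None
        tci, etype = struct.unpack_from("!HH", frame, offset)
        vlan, offset = tci & 0x0FFF, offset + 4
    return mac(dst), mac(src), etype, vlan, frame[offset:]


if __name__ == "__main__":
    print(parse_frame(SAMPLE_FRAME)[:4])
    fd = open_tap("tap0")              # run as root on a Linux host
    while True:
        parsed = parse_frame(os.read(fd, 65535))
        if parsed:                     # drop frames too short to carry a header
            print(parsed[:4])
```

The reader only sees frames the kernel transmits on the tap interface; how traffic from eth0 is steered there is the open question of the thread and is not addressed by this example.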


