Daniel Feiglin wrote:

Hello folks!

I'm trying to use a Linux box as a packet traffic generator. It has two
NICs configured with fixed IP addresses, 192.168.2.100/101. For testing
purposes, I connected the two NICs to each other with a crossed network
cable (hardware loopback). For what it's worth, they can both be pinged
from the host and the ifconfig output looks fine.

Okay, I thought I had a simple answer for you. One that does not involve multiple machines.

Assuming we want eth0 to be .100 and eth1 to be .101, perform the following operations:
ifconfig eth0 192.168.2.98
ifconfig eth1 192.168.2.99
route add -host 192.168.2.100 dev eth1
route add -host 192.168.2.101 dev eth0

iptables -A POSTROUTING -t nat -o eth1 -d 192.168.2.100 -j DNAT --to-destination 192.168.2.98
iptables -A POSTROUTING -t nat -o eth0 -d 192.168.2.101 -j DNAT --to-destination 192.168.2.99

The idea is to assign one IP address to the interface card, and then try and connect to another one. Then use iptables to rewrite the packet.

The problem, as anyone trying to implement this will notice, is that the DNAT rule is illegal in the POSTROUTING table. It is only legal in the PREROUTING or OUTPUT table, at which point it is too early to make this change (we will revert back to the original problem).

You can probably rig something up using raw packet modifications, but I cannot find anything about that.

Another solution, one that requires more work on your part, is to use a virtual interface (such as tun) for your work, and write the code for the rewriting inside of it.

Sorry, almost got it  :-)

Shachar

--
Shachar Shemesh
Lingnu Open Source Consulting Ltd.
http://www.lingnu.com
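
The rewriting step that the tun suggestion above leaves to the reader, as an added example that is not part of the original post or anyone's existing code: it changes the destination of a raw IPv4 packet using the .100/.101 to .98/.99 mapping from the message and repairs the IP header checksum and the TCP/UDP checksum. The function names are hypothetical, the buffer is assumed to hold exactly one IPv4 packet as read from a tun device, and the tun plumbing itself is not shown.

```python
import socket
import struct

# From the post: packets sent to .100/.101 are rewritten to the NICs' real .98/.99.
REWRITE = {"192.168.2.100": "192.168.2.98", "192.168.2.101": "192.168.2.99"}
L4_CSUM_OFFSET = {6: 16, 17: 6}  # IP protocol -> checksum offset (TCP, UDP)

def fold(total: int) -> int:  # one's-complement carry folding to 16 bits
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def words(data: bytes):
    if len(data) % 2:
        data += b"\x00"
    return struct.unpack(f"!{len(data) // 2}H", data)

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum."""
    return ~fold(sum(words(data))) & 0xFFFF

def csum_update(old: int, before: bytes, after: bytes) -> int:
    """RFC 1624 incremental update: HC' = ~(~HC + ~m + m')."""
    total = (~old & 0xFFFF) + sum(~w & 0xFFFF for w in words(before))
    return ~fold(total + sum(words(after))) & 0xFFFF

def rewrite_dst(pkt: bytes) -> bytes:
    """Rewrite the IPv4 destination per REWRITE and fix both checksums."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if not pkt or pkt[0] >> 4 != 4 or ihl < 20 or len(pkt) < ihl:
        return pkt  # not a well-formed IPv4 header: pass through
    old_dst = pkt[16:20]
    new = REWRITE.get(socket.inet_ntoa(old_dst))
    if new is None:
        return pkt
    new_dst = socket.inet_aton(new)
    out = bytearray(pkt)
    out[16:20] = new_dst
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", csum(bytes(out[:ihl])))
    # TCP/UDP checksums cover a pseudo-header containing the destination.
    pos = ihl + L4_CSUM_OFFSET.get(out[9], len(out))  # other protocols: skipped
    first_frag = (struct.unpack("!H", out[6:8])[0] & 0x1FFF) == 0
    if first_frag and pos + 2 <= len(out):
        old = struct.unpack("!H", out[pos:pos + 2])[0]
        if not (out[9] == 17 and old == 0):  # UDP 0 means "no checksum"
            c = csum_update(old, old_dst, new_dst)
            out[pos:pos + 2] = struct.pack("!H", c or (0xFFFF if out[9] == 17 else 0))
    return bytes(out)
```

The layer-4 checksum is updated incrementally rather than recomputed, so the first fragment of a fragmented datagram is handled too; later fragments carry no TCP/UDP header and only get the IP header fix.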
