Here is as wacky a situation as you might find...

Given a linux box with two ethernet cards:

eth0 at ip 192.168.100
eth1 at ip 172.16.1.100,

and an internet "appliance" with two ethernet ports:

p0 at ip 192.168.1.101
p1 at ip 172.16.1.1,

I want to force packets from eth0 <--> eth1 to take the path eth0 <--> p0 <--> p1<-->eth1.

What I have here is an appliance that I want to run some throughput tests.

The cables are set up eth0 <--> p0 and p1<-->eth1 and work (pings work just fine)....
no matter what I try, the kernel is too smart for me :-) , and it routes internally (inside the linux box) instead of entering the outside world.

Any ideas?

David Purves

On Fri, Dec 07, 2001 at 03:38:48PM -0600, David Purves wrote:

> I want to force packets from eth0 <--> eth1 to take the path
> eth0 <--> p0 <--> p1<-->eth1.
>
> What I have here is an appliance that I want to run some throughput tests.
>
> The cables are set up eth0 <--> p0 and p1<-->eth1 and work (pings work
> just fine)....
> no matter what I try, the kernel is too smart for me :-) , and it
> routes internally (inside the linux box) instead of entering the outside
> world.

I don't think that this is possible purely with iproute2. You will probably need at least one extra machine to perform NAT. Perhaps you can get away with UML (usermodelinux).

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
Trilab The Technology People
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
'SYN! .. SYN|ACK! .. ACK!' - the mating call of the internet

On Fri, Dec 07, 2001 at 04:46:00PM -0600, Greg Scott wrote:

> What if you used some iptables rules to DENY packets from eth0 with
> destination ip address 172.16.1.100? I'm thinking you might have to put in
> the rules in the OUTPUT table and catch them on the way out from
> 192.168.1.100. No clue whether or not that will work, but worth a try.

That just drops the packets. You might try some DNAT stuff on the iptables POSTROUTING chain, perhaps that works. I think it might.

Regards,

bert

What if you used some iptables rules to DENY packets from eth0 with destination ip address 172.16.1.100? I'm thinking you might have to put in the rules in the OUTPUT table and catch them on the way out from 192.168.1.100. No clue whether or not that will work, but worth a try.

- Greg

-----Original Message-----
From: David Purves [mailto:davidpurves@mindspring.com]
Sent: Friday, December 07, 2001 3:39 PM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Forcing an "external" route

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/