CentOS - Nov 2010 - Addressing outgoing connections to a specific interface

On a CentOS 5.5 laptop (Dell Inspiron, dual boot with a Debian-based
distro) I have a cable plugged into eth0 which is on a LAN with no
internet connection. Additionally, I connect wirelessly on wlan0 to
the internet. Both connections have router on  the 192.168.0.1
address.

Although I need to stay connected to the wireless router, can I still
access the address 192.168.0.1 on the wired interface? Some googling
led me to the keyword "loopback" but I am at a loss as how to
configure it, or if this is even the right idea. If there is a
specific page that I should be reading in the fine manual then please
do RTFM me, as I myself failed to find the proper page.

Thanks in advance.

-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com

Dotan,
On 6 November 2010 13:04, Dotan Cohen <dotancohen at gmail.com>
wrote:
> Although I need to stay connected to the wireless router, can I still
> access the address 192.168.0.1 on the wired interface? Some googling
> led me to the keyword "loopback" but I am at a loss as how to
> configure it, or if this is even the right idea. If there is a
> specific page that I should be reading in the fine manual then please
> do RTFM me, as I myself failed to find the proper page.
I think I need to drink more coffee because I'm failing to understand
what you're trying to achieve.

If wlan and eth0 are connected to the same network with different IPs
and you want to use the eth0's IP address on wlan0 when eth0 is not
connected, you use ifconfig with wlan0:1 notation to assign eth0's IP
to wlan0:1.

If you want to access from your LAN network to your WiFi network, you
need to set up one of the following,
a) a bridge (assuming you want to join your WLAN and LAN networks)
b) a masquerading setup
c) plain old routing between two networks

All of them should work but behave slightly differently.
Bridge is useful when you want to join two networks, masquerade is OK
if you don't want to access from WiFi network to your LAN network,
otherwise you will have to set up port forwardings, if you chose to
route in between, then your WiFi router need to be aware of your LAN
and have your laptop in between as a gateway to route the correct
packages.
-- 
Hakan (m1fcj) - http://www.hititgunesi.org

On 6 November 2010 13:04, Dotan Cohen <dotancohen at gmail.com>
wrote:
> Although I need to stay connected to the wireless router, can I still
> access the address 192.168.0.1 on the wired interface? Some googling
> led me to the keyword "loopback" but I am at a loss as how to
> configure it, or if this is even the right idea. If there is a
> specific page that I should be reading in the fine manual then please
> do RTFM me, as I myself failed to find the proper page.
(re-reading what you wrote) I think I now get it.

You want to use both network cards at the same time. Yes, it's doable.
The easiest method would be bonding.

-- 
Hakan (m1fcj) - http://www.hititgunesi.org

On Nov 6, 2010, at 9:04 AM, Dotan Cohen wrote:
> Both connections have router on  the 192.168.0.1
> address.
>
> Although I need to stay connected to the wireless router, can I still
> access the address 192.168.0.1 on the wired interface?
What you want is a NAT to take, say, 192.168.1.0/24 and translate it  
to the eth0 192.168.0.0/24 network, where the translation occurs at  
the egress of eth0 (that is, the 192.168.1.0/24 route is set to go out  
eth0, and the egress (and by extension the ingress) traffic gets  
translated.

How you would do this in iptables I'm not sure; I've done it with  
Cisco hardware, as this is a common issue when joining two RFC 1918  
networks together that have overlapping address space.

But at the end you would access 192.168.1.1 and it would get  
translated to 192.168.0.1 at the eth0 point and wouldn't interfere  
with the wlan0 version of the 192.168.0.1 address.  I'm not exactly  
100% sure it can be done without an external NAT box, but a small  
external router that can do NAT would make it much easier.

On Nov 6, 2010, at 4:05 PM, Dotan Cohen wrote:
> On Sat, Nov 6, 2010 at 20:51, Lamar Owen <lowen at pari.edu> wrote:
>> But at the end you would access 192.168.1.1 and it would get
>> translated to 192.168.0.1 at the eth0 point and wouldn't interfere
>> with the wlan0 version of the 192.168.0.1 address.  I'm not exactly
>> 100% sure it can be done without an external NAT box, but a small
>> external router that can do NAT would make it much easier.
>>
>
> That is not what I am trying to do, I will try to rephrase:
> I have a laptop connected to two network interfaces: eth0 and wlan0.
> Each interface connects to a different LAN. Both LANs have machines on
> the 192.168.0.1 address that I must access via port 80 in a web
> browser.
>
> I don't need to access each one at the same time, but I do need to
> leave both interfaces up for other software running on this machine.
> CentOS 5.5, Dell Inspiron laptop.
Right, I understood that.  If you did a NAT you would access the WLAN  
one with its native 192.168.0.1, and the other one on eth0 with the  
translated (also RFC 1918) address, whatever you might have set that  
to.  Now, I do realize that some routers will re-inject their IP  
address into URLs, and that might break things; fixable using DNS, but  
that's neither here nor there.

And your machine itself needs access to both routers at the same time,  
whether you do or not, as you've described things, since one of those  
routers is the default gateway for the machine.
> I suppose that I need either:
>
> 1) An address system such as eth0:192.168.0.1 and wlan0:192.168.0.1
> (syntax invented to illustrate idea, it doesn't really work!)
>
> -or-
>
> 2) A way to do something like this as a user without affecting other  
> users:
> $ export INTERFACE=eth0
> $ lynx 192.168.0.1
> $ export INTERFACE=wlan0
> $ lynx 192.168.0.1
2.5) The iptables -mowner --uid-owner rule might help you. (see
http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#OWNERMATCH
  )

It has breakage as noted in the tutorial, however.

Packet routing isn't designed to switch between multiple devices with  
the same address; the interface used isn't supposed to matter, in the  
eyes of the routing table (and in normal IP practice).  Addresses are  
supposed to be unique, from the point of view of any given IP host, in  
other words.  This is the problem NAT was invented to solve.  Some  
routing protocols deal with this in ways, but, again, these protocols  
assume that if the address is the same, it's going to the same host.   
But you already knew all that.....and I know you already knew all that.
> -or-
>
> 3) A pony.
Choice three, like much of the whole IP routing infrastructure, leaves  
piles of poo lying around in too many places....

On Nov 6, 2010, at 5:19 PM, Bob McConnell wrote:
> But I still wonder if you are unique in finding this address  
> collision,
> or do others also have the same problem? If it is widespread, then it
> should be solved by the people managing those devices.

Nah; one of the prominent use cases for NAT on Cisco routers is  
linking between two overlapping networks. (see
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080093f30.shtml
  )

This happens when companies merge, for instance, and both of them used  
the same or overlapping RFC1918 networks; happens a lot with  
10.0.0.0/8 and 192.168.0.0/16 (mostly in the 192.168.0.0/24 and  
192.168.1.0/24), not so much in 172.16.0.0/12 (which then becomes a  
popular pool to NAT the overlappers to).  Judicious NAT and split DNS  
help solve the problem until things can get renumbered.  Large  
networks never do get renumbered, and NAT between enterprise networks  
lives on.

IPv6 includes a large block of ULA addresses to hopefully reduce  
collisions of this sort for non-globally-routed addresses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.centos.org/pipermail/centos/attachments/20101106/6989ef65/attachment-0001.html>

On Nov 6, 2010, at 9:04 AM, Dotan Cohen <dotancohen at gmail.com> wrote:
> On a CentOS 5.5 laptop (Dell Inspiron, dual boot with a Debian-based
> distro) I have a cable plugged into eth0 which is on a LAN with no
> internet connection. Additionally, I connect wirelessly on wlan0 to
> the internet. Both connections have router on  the 192.168.0.1
> address.
> 
> Although I need to stay connected to the wireless router, can I still
> access the address 192.168.0.1 on the wired interface?
Only if you change the ip of one of those routers, then set the default route to
the Internet router and set route for 192.168.0.0 to the internal router.

All requests for 192.168.0.0 that can't be ARP'd will be routed to the
internal router.

-Ross

On Sunday, November 14, 2010 08:28:40 am Dotan Cohen
wrote:
> On Thu, Nov 11, 2010 at 00:08, Lamar Owen <lowen at pari.edu> wrote:
> > I'll have to admit to some curiosity in how to do this myself; I
might lab it up one day and see, when I have more time to spend on it.
> Thank you Lamar, I have spent some time googling and learning the
> concepts that you mention. I'm not much closer to a solution to this
> issue, but I have a much better understanding of IP networks. The
> routing tables and netmask concepts were big holes my my knowledge,
> and I'm the better for having invested in this query now that I've
> cleared some things up.
You're more than welcome.  I've found your port knocking document useful
as well; community is about sharing knowledge.  And given my own (quite basic)
study of Hebrew, I find much more interesting on your site.