Date: Mon, 26 Apr 2004 13:42:19 -0500
From: "Guy Helmer" <ghelmer@palisadesys.com>
To: "David Yeske" <dyeske@yahoo.com>, <net@freebsd.org>
Subject: RE: netgraph arp issues vs linux veth
Message-ID: <FPEBKMIFGFHCGLLKBLMMKEFNCEAA.ghelmer@palisadesys.com>
In-Reply-To: <20040426182243.59597.qmail@web13506.mail.yahoo.com>

David Yeske wrote on April 26, 2004 1:23 PM
> I made another attempt with netgraph and I think I'm almost there, but I'm
> still having some issues.  I found a linux solution called veth
> http://www.geocities.com/nestorjpg/veth/ which might do the job,
> but I would
> prefer to use netgraph if possible.  Here is some more detailed config
> information.
>
> I ran this on the spoof machine
>
> # ngctl mkpeer . eiface hook ether
> # ifconfig ngeth0 link 00:bd:03:12:12:12
> # ifconfig ngeth0 192.168.10.3 netmask 255.255.255.0
> ...

Yes, I initially thought this would be a great solution until I remembered
how the machine would route 192.168.10.3, as you found below:

> on the remote machine an arp -a lists this
> ? (192.168.10.3) at 00:bd:03:12:12:12 on rl0 [ethernet]
> ? (192.168.10.1) at 00:00:e8:5b:13:44 on rl0 permanent [ethernet]
> ...
> a sniff on the spoof machine listed this while pinging the remote machine
>
> # tcpdump -i ngeth0 'ether host 00:00:e8:5b:13:44'
> tcpdump: listening on ngeth0
> 14:03:30.519263 arp reply 192.168.10.1 is-at 0:0:e8:5b:13:44
> ...
>
> a sniff on the remote machine listed this while pinging the spoof machine
>
> # tcpdump -i rl0 'ether host 00:bd:03:12:12:12'
> tcpdump: listening on rl0
> 14:02:24.918804 192.168.10.1 > 192.168.10.3: icmp: echo request
> 14:02:29.179263 arp reply 192.168.10.1 is-at 0:0:e8:5b:13:44

Doug Ambrisko and I discussed this routing issue a couple of years ago.
Doug wrote a layer-2 network address translator to work around the fact
that multiple IP addresses in a single subnet on a computer will route
all traffic for that subnet through one interface, resulting in the same
Ethernet MAC address irrespective of the IP address.

I didn't have the time or hard requirement to implement Doug's solution,
though.  Perhaps Doug would be willing to help; I've Cc:ed him.

Guy Helmer, Ph.D.
Principal System Architect
Palisade Systems, Inc.