From owner-freebsd-net@FreeBSD.ORG Mon Apr 26 11:43:23 2004
From: "Guy Helmer"
To: "David Yeske"
Date: Mon, 26 Apr 2004 13:42:19 -0500
In-Reply-To: <20040426182243.59597.qmail@web13506.mail.yahoo.com>
Subject: RE: netgraph arp issues vs linux veth
List-Id: Networking and TCP/IP with FreeBSD

David Yeske wrote on April 26, 2004 1:23 PM
> I made another attempt with netgraph and I think I'm almost there, but I'm
> still having some issues. I found a linux solution called veth
> http://www.geocities.com/nestorjpg/veth/ which might do the job,
> but I would prefer to use netgraph if possible. Here is some more detailed
> config information.
>
> I ran this on the spoof machine
>
> # ngctl mkpeer . eiface hook ether
> # ifconfig ngeth0 link 00:bd:03:12:12:12
> # ifconfig ngeth0 192.168.10.3 netmask 255.255.255.0
> ...
Yes, I initially thought this would be a great solution until I remembered how the machine would route 192.168.10.3, as you found below:

> on the remote machine an arp -a lists this
> ? (192.168.10.3) at 00:bd:03:12:12:12 on rl0 [ethernet]
> ? (192.168.10.1) at 00:00:e8:5b:13:44 on rl0 permanent [ethernet]
> ...
> a sniff on the spoof machine listed this while pinging the remote machine
>
> # tcpdump -i ngeth0 'ether host 00:00:e8:5b:13:44'
> tcpdump: listening on ngeth0
> 14:03:30.519263 arp reply 192.168.10.1 is-at 0:0:e8:5b:13:44
> ...
>
> a sniff on the remote machine listed this while pinging the spoof machine
>
> # tcpdump -i rl0 'ether host 00:bd:03:12:12:12'
> tcpdump: listening on rl0
> 14:02:24.918804 192.168.10.1 > 192.168.10.3: icmp: echo request
> 14:02:29.179263 arp reply 192.168.10.1 is-at 0:0:e8:5b:13:44

Doug Ambrisko and I discussed this routing issue a couple of years ago. Doug wrote a layer-2 network address translator to work around the fact that multiple IP addresses in a single subnet on a computer will route all traffic for that subnet through one interface, resulting in the same Ethernet MAC address irrespective of the IP address. I didn't have the time or hard requirement to implement Doug's solution, though. Perhaps Doug would be willing to help; I've Cc:ed him.

Guy Helmer, Ph.D.
Principal System Architect
Palisade Systems, Inc.
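Added example, not part of this message or the thread: a POSIX sh/awk check for the symptom Guy describes, comparing the source MAC of each IPv4 frame in a `tcpdump -e -nn` capture on the remote host against the `arp -a` entry for that frame's source IP. A frame from 192.168.10.3 that arrives from a MAC other than ngeth0's shows the reply left through the primary NIC. The ARP table and capture lines are constructed sample data, and the spoof host's physical NIC MAC `02:00:00:00:00:01` is a placeholder.

```shell
#!/bin/sh
# Constructed sample input (not from the thread): an "arp -a" table as seen on
# the remote host, and a "tcpdump -e -nn" capture taken on its rl0. The spoof
# host's physical NIC MAC 02:00:00:00:00:01 is a placeholder.
ARP_TABLE='? (192.168.10.3) at 00:bd:03:12:12:12 on rl0 [ethernet]
? (192.168.10.1) at 00:00:e8:5b:13:44 on rl0 permanent [ethernet]'

CAPTURE='14:02:24.918804 00:00:e8:5b:13:44 > 00:bd:03:12:12:12, ethertype IPv4 (0x0800), length 98: 192.168.10.1 > 192.168.10.3: ICMP echo request, id 1, seq 1, length 64
14:02:24.919120 02:00:00:00:00:01 > 00:00:e8:5b:13:44, ethertype IPv4 (0x0800), length 98: 192.168.10.3 > 192.168.10.1: ICMP echo reply, id 1, seq 1, length 64
14:02:25.918900 00:00:e8:5b:13:44 > 00:bd:03:12:12:12, ethertype ARP (0x0806), length 42: Request who-has 192.168.10.3 tell 192.168.10.1, length 28'

# mac_mismatches ARP_TEXT CAPTURE_TEXT
# Prints "<src-ip> <mac-seen-on-wire> <mac-in-arp-table>" for every IPv4 frame
# whose source MAC is not the one the ARP table holds for its source IP.
mac_mismatches() {
  printf '%s\n' "$2" | awk -v arp="$1" '
    # Canonicalise a MAC for comparison: lowercase, no leading zero per octet,
    # so "0:0:e8:5b:13:44" and "00:00:E8:5b:13:44" compare equal.
    function norm(mac,    o, k, i, out) {
      k = split(tolower(mac), o, ":")
      out = ""
      for (i = 1; i <= k; i++) {
        if (length(o[i]) == 2 && substr(o[i], 1, 1) == "0") o[i] = substr(o[i], 2)
        out = out (i > 1 ? ":" : "") o[i]
      }
      return out
    }
    BEGIN {
      # Build ip -> mac from lines like "? (192.168.10.3) at 00:bd:03:12:12:12 on rl0"
      n = split(arp, lines, "\n")
      for (i = 1; i <= n; i++) {
        m = split(lines[i], f, " ")
        for (j = 2; j < m; j++)
          if (f[j] == "at" && f[j-1] ~ /^\(.*\)$/)
            expected[substr(f[j-1], 2, length(f[j-1]) - 2)] = f[j+1]
      }
    }
    /ethertype IPv4/ {
      # Field 2 is the source MAC; the IP summary follows the first "length N: "
      split($0, parts, ": ")
      split(parts[2], hosts, " ")
      src_ip = hosts[1]
      if ((src_ip in expected) && norm(expected[src_ip]) != norm($2))
        print src_ip, $2, expected[src_ip]
    }'
}

mac_mismatches "$ARP_TABLE" "$CAPTURE"
```

The only line reported is the echo reply from 192.168.10.3, which the ARP table maps to ngeth0's MAC but which reached the wire from the placeholder physical NIC address.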