Date: Fri, 5 Apr 2002 18:48:09 -0600 (CST) From: Nick Rogness <nick@rogness.net> To: Alex Rousskov <rousskov@measurement-factory.com> Cc: freebsd-net@FreeBSD.ORG Subject: Re: Forcing packets to the wire Message-ID: <Pine.BSF.4.21.0204051826180.95757-100000@cody.jharris.com> In-Reply-To: <Pine.BSF.4.10.10204051543440.54230-100000@measurement-factory.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 5 Apr 2002, Alex Rousskov wrote: > Hi there, > > I have two Ethernet NICs inside a PC. I want TCP/IP packets to > leave one NIC, go on the wire, and eventually arrive at the other NIC. > I do not want the kernel to be smart and shortcut the path. I want the > outside world to see the packets and to think that my two NICs are two > PCs talking to each other. > > Could any networking guru answer the following questions: > > - Is it possible without kernel modifications? How? AFAIK, No. Your only 2 possiblities that I could think of would be to use policy routing or natd. Both will fail in this case. > > - If kernel modifications are required, how extensive > would they be (e.g., how many hours would it take a guru > to implement the required functionality)? > I'm not sure, but I would assume it would be painful. > I am flexible as far as IP addressing scheme is concerned, > though I would prefer to be able to put both NIC IP addresses on one > and on separate subnets (from the outside world point of view). Again, > I want the outside world think that these NICs are inside two PCs. > This is violating basic routing principles so it doesn't matter which IP subnets you use. > If you want to know a "use case" for this strange requirement, > here it is: I am building an appliance to test HTTP proxies. I want an > appliance to have one NIC for the "client side" and one NIC for the > "server side". I want to be able to run no-proxy test through the > networking gear (a baseline experiment testing hubs/switches for > bottlenecks), and I want to test "transparent proxies" (clients think > they send requests directly to servers). > > There is probably a better solution than trying to hack the kernel to do this. From the above paragraph, it sounds like you could bridge across the 2 interfaces and do some tricks with IPFW to direct traffic for your transparent proxy stuff. I would need more details to be sure. Nick Rogness <nick@rogness.net> - Don't mind me...I'm just sniffing your packets To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0204051826180.95757-100000>