  1. #1 (Just Joined; Join Date: Apr 2011; Posts: 2)

    MAC based NAT


    Hi all,

    I have a Linux machine running Ubuntu Server with 2 NICs (WAN and LAN). I want the LAN side machines to use the Linux box as a gateway to get on the internet (WAN side). The only problem is that the LAN side machines will have static IPs and cannot be configured for DHCP. I have to work around the settings they have. I have written a small program which runs on the server, listens to ARP requests, gets all client traffic and NATs it to the WAN side. The clients can now ping Google irrespective of their static IP addresses.

    My code does NAT based on MAC addresses, i.e. a client packet from XX:YY will be sent out using 10.0.0.1 as source address. Another client with ZZ:ZZ will have packets with source address 10.0.0.2 on the WAN side interface.

    My problem is that I am having trouble getting TCP/HTTP to work through my NAT. The GET request does not get a reply from the WAN side, so I am stuck and thinking of alternatives!

    Question time:
    1. Can this be done using netfilter and iptables instead of writing my own NAT code?
    2. Are there any open source user space NAT programs that I could take and modify?
    3. Can I modify the current netfilter code? Will this be a huge task?

    My tools: libpcap, gcc, Wireshark, Ubuntu Server 10.10

    I am new to Linux network programming; any suggestions would be appreciated.

    Thanks,

    Mal

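Question 1 above can be answered with stock netfilter, without any custom NAT code. The script below is an added example written for this page, not code from the thread or from its posters. It assumes interface names (WAN eth0, LAN eth1), a WAN subnet 10.0.0.0/24 in which 10.0.0.1 and 10.0.0.2 are free, and two placeholder client MACs; none of these come from the original post. The key point is that the `mac` match only sees packets on their way in (PREROUTING, INPUT, FORWARD), while SNAT is only possible in the nat POSTROUTING chain, so the rules mark each packet by source MAC in mangle PREROUTING and SNAT by mark in POSTROUTING. Connection tracking then un-NATs the replies and recomputes the TCP/UDP checksums, which is exactly the part a hand-written NAT has to get right for TCP to work at all. The script prints the commands rather than applying them, so they can be reviewed first and then piped into `sh` as root.

```shell
#!/bin/sh
# Added example (not from the thread): per-source-MAC SNAT with netfilter.
# Assumptions, none of which are stated in the original post:
#   WAN interface eth0, LAN interface eth1, WAN addresses 10.0.0.1/.2 free,
#   client MACs below are constructed placeholders.
WAN=eth0
LAN=eth1

# Constructed mapping: "client-MAC  WAN-source-address", one pair per line.
MAC_MAP='00:11:22:33:44:55 10.0.0.1
00:11:22:33:44:66 10.0.0.2'

# Emit the three rules for one client: mark by source MAC on the way in,
# SNAT by that mark on the way out, and permit the forward for that mark.
mac_nat_rules() {
    mac=$1
    src=$2
    mark=$3
    # mac match is only valid for incoming packets, hence mangle PREROUTING
    printf 'iptables -t mangle -A PREROUTING -i %s -m mac --mac-source %s -j MARK --set-mark %s\n' \
        "$LAN" "$mac" "$mark"
    # SNAT is only valid in nat POSTROUTING, so select by the mark instead
    printf 'iptables -t nat -A POSTROUTING -o %s -m mark --mark %s -j SNAT --to-source %s\n' \
        "$WAN" "$mark" "$src"
    printf 'iptables -A FORWARD -i %s -o %s -m mark --mark %s -j ACCEPT\n' \
        "$LAN" "$WAN" "$mark"
}

# Whole rule set: enable forwarding, default-deny FORWARD, let conntrack
# pass the replies back, then one marked/SNATed entry per known MAC.
# Unknown MACs get no mark, match no SNAT rule and are dropped by the
# FORWARD policy, so only listed clients reach the WAN.
gen_rules() {
    echo 'sysctl -w net.ipv4.ip_forward=1'
    echo 'iptables -P FORWARD DROP'
    printf 'iptables -A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$WAN" "$LAN"
    mark=1
    while read -r mac src; do
        [ -n "$mac" ] || continue
        mac_nat_rules "$mac" "$src" "$mark"
        mark=$((mark + 1))
    done <<EOF
$MAC_MAP
EOF
}

# Number of SNAT rules generated: one per client in MAC_MAP.
count_snat() {
    gen_rules | grep -c -- '-j SNAT'
}

# Review first:   sh this_script.sh
# Apply (root):   sh this_script.sh | sh
gen_rules
```

One thing these rules do not cover is ARP on the LAN side: each client still sends its traffic to whatever gateway address is in its static configuration, so the box must answer ARP for those addresses (for example by adding them to the LAN NIC, or with the ARP listener the poster already wrote). Packets that arrive with the wrong destination MAC never reach netfilter.
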
  2. #2 Kloschüssel (Linux Engineer; Join Date: Oct 2005; Location: Italy; Posts: 773)
    Why doesn't DHCP work for you? That would leverage the MAC/IP resolution and would allow you to forget layer 1. Basically your software would implement features that firewalls (like iptables) already handle nicely. My opinion is that one should never ever merge layer 1 (physical) and layer 2 (addressing). There are several reasons why they were split and several problems for whoever messes with this (i.e. how would you handle it if the network infrastructure changes from ethernet to fibre optic for one host, as that one needs a huge throughput?).
