  1. #1 Just Joined! (Join Date: Sep 2006, Posts: 4)

    How to bypass linux routing??


    I have a unique problem to contend with. I have 3 machines - 2 running windows XP (say A and B) and 1 running Linux (say C). The architecture is something like this -->

    A ---------- (eth0) C (eth1) ------------ B

    A secure IKEV2 tunnel has been created between m/c C (eth1) and m/c B, using the IP address - 192.168.11.30/24 on eth1 on m/c C and IP address - 192.168.11.15/24 on m/c B. Additionally m/c B will also be assigned a virtual IP Address - 192.168.11.202/24. A security policy has been applied to this secure association (SA), indicating that any traffic destined for 192.168.11.202, be tunneled through the SA created between eth1 and the IP 192.168.11.15/24. Machine A needs to be assigned an IP Address - 192.168.11.190/24.

    Now the problem....I need to have traffic sent from m/c A to reach m/c B. The traffic will have source IP - 192.168.11.190 (A's) and dest. IP - 192.168.11.202 (B's virtual). What happens by default, is that eth0 on m/c C drops all packets, as it figures that the traffic is local and never gets to consult the routing table. So when I added a bunch of static routes on m/c C, expecting traffic to be routed from eth0 to eth1...I was left pleasantly surprised.

    Question: Is there a means for us to bypass the linux routing logic, so that eth0 on m/c C can accept the traffic and bring it up to application?

    Thanks in advance,
    Jayendra Thyagarajan

  2. #2 Linux Newbie dilbert (Join Date: Sep 2006, Location: Yorkshire, GB, Posts: 237)
    I don't understand fully what is meant. At the end, I am getting confused by the term "bring it up to application".

    Quote Originally Posted by matt_rulez
    expecting traffic to be routed from eth0 to eth1...I was left pleasantly surprised.

    Question: Is there a means for us to bypass the linux routing logic, so that eth0 on m/c C can accept the traffic and bring it up to application?
    But if I go with your sentence "expecting traffic to be routed from eth0 to eth1", then I think you could look for "Ethernet port bridging".

    E.g., http://linux-net.osdl.org/index.php/Bridge

    At least, on a Linux 2.4 system, it had once to be compiled into the kernel.

  3. #3 Just Joined! (Join Date: Sep 2006, Posts: 4)
    Yeah, I can see now how that last sentence can be confusing...when I said "bring it up to the application", I actually meant to say that I need the linux machine to accept the packet that it sees on eth0, as against dropping it, so that the packet can then be tunnelled through the secure association.

    Could you elaborate a bit more on how you feel "Ethernet Port Bridging" could be the answer to this? The architecture I mentioned is in reality a test harness, for a generic access network, with the Linux m/c acting as the security gateway to m/c A, which plays the role of a generic access network controller - GANC (some call this - UMA). Machine B (the other windows m/c) is simulating a dual-mode (GSM/GAN) mobile phone. My aim is to create a secure tunnel between the mobile and the security gateway. Once the tunnel is in place, I need to assign the mobile another IP in the secure network (this is the virtual IP, I referred to). All communication between the GANC (m/c A) and the mobile (m/c B) is to be done using the virtual IP.

    Hope this additional information clears up the haze of my previous post.

    Thanks a bunch,
    Jayendra Thyagarajan

  4. #4 Linux Enthusiast (Join Date: Dec 2004, Posts: 637)
    Is the Linux box, computer C performing any other roles other than routing?

  5. #5 Just Joined! (Join Date: Sep 2006, Posts: 4)
    Well..yes. As I mentioned earlier, the Linux machine serves as the security gateway to the network controlled by machine A. Machine B needs to be authenticated at machine C, before it can be assigned an IP (the virtual IP I referred to) in machine A's network. In this case however, both the private IP on machine B (192.168.11.15) and the public IP on machine B (192.168.11.202) are in the same network.

  6. #6 Just Joined! (Join Date: Sep 2006, Posts: 4)

    Solution to bypassing Linux routing

    Hi,

    I posted this thread some time back, trying to figure out a means to bypass linux routing. The purpose was to ensure that a Linux machine acting as a security gateway in a Generic Access Network allows the packets to be routed between interfaces, even though both the ingress and egress interfaces on the Linux machine belong to the same subnet.

    The solution is provided by 'Local Proxy ARP (LPA)'. Enable LPA on the Linux machine. Add routes to identify individual hosts connected on both interfaces and everything should work out.

    Hope this helps someone.
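Added example, not from the thread or any of its posters: a POSIX shell script that applies the recipe of post #6 on a modern Linux kernel. It assumes the interface names eth0/eth1 and the addresses given in post #1, turns on the standard proxy_arp sysctl together with proxy_arp_pvlan (which I take, as an assumption, to be the in-kernel successor of the out-of-tree "Local Proxy ARP" patch the poster refers to), and pins each host to the interface it is really behind with /32 routes. The sysctl and ip commands are the real procps/iproute2 tools; the shell function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread): configure machine C, the Linux
# security gateway, so that traffic between two hosts on the same /24
# but on different interfaces is forwarded instead of dropped.
# Assumptions: interface names eth0/eth1 and the addresses from post #1;
# sysctl names as on a current kernel (proxy_arp_pvlan is assumed to be
# the in-tree form of the "Local Proxy ARP" patch mentioned in post #6).

A_IF=eth0;  A_IP=192.168.11.190      # GANC side (machine A)
B_IF=eth1;  B_IP=192.168.11.15       # mobile side, B's real address
B_VIP=192.168.11.202                 # B's virtual address, reached via the IPsec SA

# Print the commands that enable forwarding and proxy ARP and install
# one /32 route per host. Printing rather than running lets the plan be
# reviewed (or tested) without root.
gateway_commands() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.${A_IF}.proxy_arp=1
sysctl -w net.ipv4.conf.${B_IF}.proxy_arp=1
sysctl -w net.ipv4.conf.${A_IF}.proxy_arp_pvlan=1
sysctl -w net.ipv4.conf.${B_IF}.proxy_arp_pvlan=1
ip route replace ${A_IP}/32 dev ${A_IF}
ip route replace ${B_IP}/32 dev ${B_IF}
ip route replace ${B_VIP}/32 dev ${B_IF}
EOF
}

# Apply the plan (needs root); stop at the first failing command.
apply_gateway_config() {
    gateway_commands | while IFS= read -r cmd; do
        sh -c "$cmd" || return 1
    done
}

# Check: ask the kernel which interface it would forward A -> B_VIP on.
# Expected output mentions "dev eth1"; if it names eth0 or the lookup
# fails, a host route is still missing or reverse-path filtering is
# rejecting the source (the /32 routes are what keep rp_filter happy).
check_forwarding_path() {
    ip route get "${B_VIP}" from "${A_IP}" iif "${A_IF}" 2>/dev/null
}

# Number of /32 host routes in the plan: a quick sanity figure when
# reviewing it (three hosts: A, B, and B's virtual address).
count_host_routes() {
    gateway_commands | grep -c '^ip route replace .*/32 '
}

if [ "${1:-}" = "--apply" ]; then
    apply_gateway_config && check_forwarding_path
else
    gateway_commands
fi
```

Run without arguments to see the plan; run with `--apply` as root to execute it and then print the kernel's own forwarding decision for A's traffic. Two points worth keeping in mind: proxy ARP makes C answer ARP requests on one interface for every destination it routes out the other, so the routes stay /32 host entries rather than a subnet, and the IPsec policy on C must still require ESP for 192.168.11.202, otherwise a forwarded packet would leave eth1 in the clear rather than through the SA.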
