August 29, 2009 Archives

Sat 29 Aug 2009 @ 22:43 (1251578635)

two local interfaces without loopback

Today I was working with Filippo on some performance analysis. At some point we
needed to send some traffic between two different interfaces on the same Linux
box, but we did not want the traffic routed through the local loopback.

The main problem here seems to be the lack of a direct and clean way to say in
Linux: "yes, this address is on this machine, but do not use the local loopback
for the traffic originating from the same host which needs to reach it".

Different flavours of this problem have been approached in many ways, there is
also a Send-To-Self patch for the kernel.

So this is my sol^W^Wan hack to achieve that using four IP addresses, NAT, and
a few simple changes to the routing table.

ip l s tap1 up
ip l s tap2 up
ip a a 10.10.1.2/32 dev tap1
ip a a 10.10.2.2/32 dev tap2
ip r a 10.10.2.1/32 dev tap1
ip r a 10.10.1.1/32 dev tap2
iptables -t nat -A POSTROUTING -o tap1 -j SNAT --to-source 10.10.1.1
iptables -t nat -A POSTROUTING -o tap2 -j SNAT --to-source 10.10.2.1
iptables -t nat -A PREROUTING -i tap1 -j DNAT --to-destination 10.10.1.2
iptables -t nat -A PREROUTING -i tap2 -j DNAT --to-destination 10.10.2.2
arp -i tap2 -Ds 10.10.1.1 tap1
arp -i tap1 -Ds 10.10.2.1 tap2


Posted by shammash | Permanent Link | Categories: tech