Been a while since I've looked at the Linux networking code, but basically, the kernel works hard to track the origin of packets as local or remote. I can't say that I'm particularly surprised with your findings and unfortunately, I don't have any suggestions to trick the kernel/iptables other than to suggest asking the Linux networking mailing list and see what they say.
If they can suggest a trick I can use in the code to make this possible, I'd be willing to consider it, but I'm not aware of any means for me to make this work.

--
Aaron Turner
http://synfin.net/
http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin

On Jan 25, 2008 6:45 AM, vcarela <[EMAIL PROTECTED]> wrote:
> Hello list,
>
> I am trying to test different functionalities of iptables and to do it
> I have these conditions:
>
> A Debian 2.6.23.1 machine with only one NIC (eth0)
> iptables v1.4.0
> tcpreplay v.3.2.4 (libpcap 0.9.7)
> trace file of a foreign network router (*.pcap)
>
>
> As far as I know iptables cannot read a pcap file. Tcpreplay is a good
> solution to read this file and send it as a traffic. The problem is that
> I have only one interface, eth0. I have tried some experiments but
> always with a failed final.
>
> * First try: I created a dummy interface and I sent directly the
> traffic. I could see the traffic with tcpdump but not with iptables.
> Then I read in the list that tcpreplay uses special sockets that
> bypass the iptables level so I have to send it between two interfaces.
>
> * Second try: I created a bridge with brctl and added the dummy
> interface. Then I sent the traffic to the bridge but the result was the
> same. The dummy interface receives the packets but not the iptables. (I
> always use tcprewrite to modify the destination MAC)
>
> * Third try: I tried to create two dummy interfaces but the dummy module
> does not allow it. Then I disconnected the eth0 to Internet and added
> the eth0 to the bridge. I tried different possibilities between the two
> interfaces but the eth0 received nothing (and the MACs had been modified
> correctly).
>
> ip_forwarding is always 1
> rp_filter is always 0
>
> Another issue is that I cannot modify the IPs because I need it to test
> an extension of iptables, layer7 filter.
>
> Would it have to be possible to test this with eth0 and the dummy
> interface? Could be better use an usermode linux to create another
> interface? Which can be the reason so eth0 did not receive anything
> (because is not physically connected)? I did not use tcpprep, should I
> use it?
>
>
> Any ideas?
>
> Valentín

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users