cranium2003
asked on
How to get packet info when it's forwarded?
hello,
I have set up a network with 4 PCs as:
HostA
eth0=> 192.168.1.100
Router1
eth0=>10.1.1.1
eth1=>192.168.1.1
Router2
eth0=>10.1.1.100
eth1=>172.16.1.1
HostB
eth0=>172.16.1.100
And I set Router1 and Router2 as packet forwarders (routers). Now what I want is: when I send a packet from HostA to HostB, the packet is still sent with src ip=192.168.1.100 and dest ip=172.16.1.100. That's OK, but how can I check at Router1 whether the packet is Direct Delivery or Indirect Delivery?
What I want is to get information at Router1 so that whenever HostA sends a packet with dest ip 172.16.1.100, I get the next IP to which the packet is going to be forwarded. Here I want to get the information that, though the dest ip is 172.16.1.100, the next ip is 10.1.1.100.
How to get that info?
ASKER
Is there any way to change the dst ip to 10.1.1.100? What do I have to do for that, and how? I am using RedHat Linux 9.
You need to add routes for that.
host A:
route add 172.16.1.100 gw 192.168.1.1
router 1:
route add 172.16.1.100 gw 10.1.1.100
router 2:
route add 192.168.1.100 gw 10.1.1.1
host B:
route add 192.168.1.100 gw 172.16.1.1
ASKER
hello joju,
I have already done that and am able to ping from HostA to HostB. Let me be more explanatory about my problem:
When HostA sends a packet for HostB, it comes to Router1, and Router1 has to change its src ip 192.168.1.100 to 10.1.1.1 and dest ip 172.16.1.100 to 10.1.1.100.
The same at Router2: when it receives the packet with src ip 10.1.1.1, change that to 10.1.1.100/172.16.1.1 and dst ip 172.16.1.100.
But I think it will not work, as at Router2 the packet has lost its dst ip address. Will it work?
ASKER
OK, I figured out that Destination NAT is not possible, only Source NAT. So please consider my problem restated as follows, instead of what I asked in my comment above:
On a Linux PC made into a router, when a packet is built, after the IP header is added to the packet, I want to check whether the packet's destination ip == any locally attached internal network's ip or not. How to do that?
ASKER
hello,
>3. packet ip address will be changed only if you are using nat. otherwise if you are using only routes then ip address won't be changed.
How do I use NAT so that each packet coming in from the outside world is changed at the router to have the router's ip as source and is sent on to the internal organization? Also, how do I use NAT so that each IP packet coming in from the internal organization is changed on the router to have the router's ip as source and is sent to the outside world? I think that's called SNAT and DNAT, right?
You can use the following nat rules.
1. If you are changing the source ip of packets coming from the outside world to that of the router's ip, your clients may not accept the packets, as they will think they are not for them.
If you still want to do it like that, then use
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
2. If you want to change the source ip of packets going to the outside world to that of your router's ip, then use
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Whatever packet goes out of eth1 will be NATed to the router's IP.
And when the response comes back to the router, by using the nat table, the router's ip will be replaced with the client's ip and the client will receive the packet.
So I guess you will be using only step two for practical purposes.
Thanx
Joju.
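The rewrite-and-restore behaviour described above (source replaced on the way out, the router's IP replaced by the client's IP on the response), as an added example that is not part of the original answer: a simplified Python model of MASQUERADE with connection tracking, using the addresses from the question. The class and function names are hypothetical, the ICMP id stands in for the full conntrack tuple, and the routing decision is passed in as `out_if`.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    ident: int  # ICMP echo id; pairs a reply with its request

@dataclass
class Router:
    addrs: dict      # interface name -> this router's address on it
    masq_out: set    # interfaces carrying "-o <if> -j MASQUERADE"
    conntrack: dict = field(default_factory=dict)

    def forward(self, pkt, out_if):
        """Return pkt as it looks when it leaves through out_if."""
        key = (pkt.src, pkt.dst, pkt.ident)
        if key in self.conntrack:
            # Reply of a tracked flow: the nat rules are not consulted;
            # the stored mapping is reversed, restoring the destination.
            return Packet(pkt.src, self.conntrack[key], pkt.ident)
        # First packet of a flow: the only one that traverses POSTROUTING nat.
        new_src = self.addrs[out_if] if out_if in self.masq_out else pkt.src
        # Index the entry by the reply the router expects to see.
        self.conntrack[(pkt.dst, new_src, pkt.ident)] = pkt.src
        return Packet(new_src, pkt.dst, pkt.ident)

def ping_round_trip(r1_masq, r2_masq):
    """Trace one echo HostA -> HostB and its reply.

    Returns (request as HostB receives it, reply as HostA receives it).
    """
    r1 = Router({"eth0": "10.1.1.1", "eth1": "192.168.1.1"}, set(r1_masq))
    r2 = Router({"eth0": "10.1.1.100", "eth1": "172.16.1.1"}, set(r2_masq))
    request = Packet("192.168.1.100", "172.16.1.100", ident=1)
    at_b = r2.forward(r1.forward(request, "eth0"), "eth1")
    reply = Packet(at_b.dst, at_b.src, at_b.ident)  # HostB answers the sender it saw
    at_a = r1.forward(r2.forward(reply, "eth0"), "eth1")
    return at_b, at_a

if __name__ == "__main__":
    for masq in (["eth0"], ["eth0", "eth1"]):
        seen_b, seen_a = ping_round_trip(masq, masq)
        print(masq, "HostB sees", seen_b, "| HostA sees", seen_a)
```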
ASKER
Thanks Joju,
I did it on 2 routers in a 4-computer LAN and set up 3 networks among them, and when I ping from HostA to HostB through Router1 and Router2,
Router1 has to SNAT and it did, and it sends the ping to HostB, with HostB receiving the src ip of the ping packet as that of Router1, but the reverse pong packet from HostB to HostA does not change src ip at Router2. Why?
I added the following to iptables
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
on both routers, as both have eth0 directly connected.
My configuration is
HostA
eth0=> 192.168.1.100
Router1
eth0=>10.1.1.1
eth1=>192.168.1.1
Router2
eth0=>10.1.1.100
eth1=>172.16.1.1
HostB
eth0=>172.16.1.100
I guess the MASQUERADE rule on router2 won't work as already the source ip is in 10. net
Try this:
on the routers, both rules
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
With these rules, if you ping from hostA to hostB:
1. ping packet on router1 source will be replaced with 10.1.1.1
2. ping packet on router2 source will be replaced with 172.16.1.1
3. ping response on router2 source will be replaced with 10.1.1.100
4. ping response on router1 source will be replaced with 192.168.1.1
Thanx
Joju.
ASKER
hello,
> I guess the MASQUERADE rule on router2 won't work as already the source ip is in 10. net
Why?
What I observe is that the ping from HostA (192.168.1.100) to HostB (172.16.1.100) goes to Router1, which does SNAT and changes the src ip from 192.168.1.100 to 10.1.1.1, and the same will appear on Router2 to HostB.
Then the pong (response) packet has src ip 172.16.1.100 and dst 192.168.1.100, as it's not changed, but the same packet appears on Router2->Router1->HostA.
should give something like this
172.16.1.100 via 10.1.1.100 dev eth0 src 10.1.1.1
Hope this is the info you need.
Thanx
Joju.
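An added example, not part of the original answer: a longest-prefix-match lookup over a model of Router1's routing table that reports direct or indirect delivery and the next hop, in the one-line format shown above. The /24 masks on the attached networks, the table layout and the function names are assumptions; the host route is the one given for router 1 earlier in the thread.

```python
import ipaddress

# (destination prefix, gateway or None when on-link, interface, router's address on it)
# Constructed model of Router1: /24 masks are assumed, not stated in the thread.
ROUTER1_TABLE = [
    ("10.1.1.0/24", None, "eth0", "10.1.1.1"),
    ("192.168.1.0/24", None, "eth1", "192.168.1.1"),
    ("172.16.1.100/32", "10.1.1.100", "eth0", "10.1.1.1"),
]

def lookup(table, dst):
    """Return the most specific route covering dst, or None if there is none."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, gw, dev, src in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev, src)
    return best

def describe(table, dst):
    """Classify delivery and name the next IP the frame is handed to."""
    route = lookup(table, dst)
    if route is None:
        return {"delivery": "unreachable", "next_hop": None, "dev": None, "src": None}
    _, gw, dev, src = route
    if gw is None:
        # Direct delivery: the destination sits on an attached network, so the
        # router resolves the destination's own link-layer address.
        return {"delivery": "direct", "next_hop": dst, "dev": dev, "src": src}
    # Indirect delivery: the IP destination is unchanged; only the link-layer
    # frame is addressed to the gateway.
    return {"delivery": "indirect", "next_hop": gw, "dev": dev, "src": src}

def format_route(table, dst):
    """Render the result in the one-line style quoted in the answer."""
    r = describe(table, dst)
    if r["delivery"] == "unreachable":
        return f"{dst} unreachable"
    via = f" via {r['next_hop']}" if r["delivery"] == "indirect" else ""
    return f"{dst}{via} dev {r['dev']} src {r['src']}"

if __name__ == "__main__":
    for dst in ("172.16.1.100", "192.168.1.100", "10.1.1.100", "8.8.8.8"):
        print(describe(ROUTER1_TABLE, dst)["delivery"], "->", format_route(ROUTER1_TABLE, dst))
```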