I have a VM with two interfaces, eth0 and eth1. I would like packets coming in from eth0 to be processed and if they don't match any rule, get dropped. If they match a rule, then I want them to be forwarded to eth1 without any modification. In other words, source and destination ip of a forwarded packet must remain the same as when they entered in eth0. I was thinking about using iptables for all this process but I am starting to think that the forwarding part, without modifying the packet, is not possible. Can anybody confirm this?
Asked
Active
Viewed 647 times
0
-
What have you tried so far? Why do you think it is not possible to forward a packet? – RalfFriedl Jan 22 '19 at 17:52
-
What kind of rule? Forwarding without modifying packets is standard behaviour – Torin Jan 22 '19 at 17:58
-
Both eth0 and eth1 are in the same L2 network. I wonder how the packet could be forwarded from one to the other – M. Buil Jan 22 '19 at 22:15
-
I removed the ip in eth0 and set it to promiscuous. Activated forwarding, checked that the ip route rule points to eth1 and tried. Packets arrive to eth0 but they don't leave through eth1 – M. Buil Jan 23 '19 at 09:32
1 Answers
1
Enable routing on Linux:
IPv4
/proc/sys/net/ipv4/conf/all/forwarding
IPv6
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
You can also configure this per network adapter instead of globally (replace all with the name of the network adapter). Note that this change does not persist across reboots. To have these applied at boot, you can configure them in /etc/sysctl.conf.
You also should be aware of rp_filter parameter (reverse path filtering).
After IP forwarding is enabled, you can filter forwarded packets by adding rules in iptables (and ip6tables) FORWARD chain.
sebasth
- 14,872
-
I forgot to say that both interfaces are in the same L2 network, therefore, I guess that by just enabling routing in Linux ist not going to be enough – M. Buil Jan 22 '19 at 22:13