Problems I can't name proper :-(
- To: email@example.com
- Subject: Problems I can't name proper :-(
- From: Lars Hallberg <firstname.lastname@example.org>
- Date: Mon, 7 Jun 1999 11:58:27 +0200
- Message-id: <19990607115827.A8392@micropp.se>
- In-reply-to: <email@example.com>; from firstname.lastname@example.org on Fri, Jun 04, 1999 at 12:27:40PM -0000
- References: <email@example.com> <firstname.lastname@example.org> <19990604142905.B13831@micropp.se> <email@example.com>
I'm a newbie to netadmin and might just have failed to find the right
docs. In that case, feel free to just give me pointers. My lack of
fundamental understanding makes me confused about what forum is the
right place. If this is the wrong place, please kick me away with
some proper direction.
However, there are some special circumstances that might be of more
general interest. And I think it is a case that is becoming more and
more common - in Sweden at least...
My English is poor and I'm not that familiar with network
terminology, so please ask if I fail to make myself understood.
Anyway, let's go (one illustration below):
It is about a crippled network device, a radio modem that makes a
point-to-point connection but emulates an Ethernet network. The
Internet end of the connection inherits the MAC address of my
end of the connection and forwards only packages to that MAC (and
broadcasts) back to my end. And it is capable of remembering *one*
MAC address only!
I did, surprisingly easily, set my Linux box to route packages through
itself gracefully. The problem is that MAC addresses are transferred
transparently through my Linux box, making the upstream router know
the right MAC address of the other computers on my network.
Unfortunately, packages to these MAC addresses never come through the
radio modem to my Linux box!
The upstream router does cache the MAC addresses for some hours, so by
configuring my box's IP back and forth I got everything working until
the upstream cache expired. So, I feel frustratingly close but still
pretty clueless :-(
I have some idea why the MAC transparency is a good thing, but now I
want to turn it off and find no way to do it.
My first approach was to force the device's MAC address on all outgoing
packages. Reading all the docs I find on ifconfig, that seems impossible.
Have I missed something? Am I looking in the wrong place?
Second approach was to use firewall rules to block the relevant
packages (Who is (has?)). But I didn't find out how to do that,
and even less how to still answer them but with my MAC address!
Third approach was to configure virtual interfaces on my routing box
so it will recognize all the IP numbers on my network. It works! I
do get all the packages, but my box thinks it *IS* all the IP
numbers and refuses to forward them despite routing rules :-(
Now, that is not so surprising, but I find nothing I can do about
it. Must have missed something. inetd seems unable to discriminate
based on IP number (only port and protocol, right?) so I do not
get anywhere in userspace either. I think there are some
solutions lurking here but I lack the understanding. I don't know
a proper term for what I want to achieve so it is hard to
search for docs :-(
I have also read docs on the ARP routing tables without finding
As you hear, I have been trying a lot but am still clueless. As I'm
a C/C++ programmer I even considered hacking the kernel to achieve
plan 1 above. But I'm completely new to kernel hacking and know
nothing of the organisation. For a start, is there a generic spot
to attack or should one go for the specific Ethernet driver? I
think I need some handholding to attempt this.
Speaking of kernels (this is not so well researched by myself,
apologies if these are FAQs):
* Does the Debian kernel source package add things that are not in
vanilla kernel tarballs (default config, patches)?
* How does one find out what is enabled in the precompiled kernel?
Masquerading (which is an alternative solution to some of my tasks)
is experimental and therefore not on? Is it stable in the 2.2
* Speaking of 2.2, the kernel is self-contained? Does that mean it is
safe to install the kernel binary from potato on slink?
Below is a small scheme. There are plans for more computers on the local
network (hopefully Debian ones).
>      Internet (ethernet)
>        /__  (Mac address is my ethernet card's adr)
>       /  1 Mac Adr
>  _________                        ______________
>  | Radio |   1 (same) Mac Adr     |            |
>  | modem |------------------------Eth0   My    |
>  ---------                        |    Debian  |
>                          ---------Eth1 router  |
>         1 other Mac Adr  |        |____________|
>                      | other  |   local
>                      | box    |
>                      |________|   network
>      Probably irrelevant but
>      the other box is an NT