
#1 2019-10-31 07:00:47

gaganbediabcd
Member
Registered: 2019-10-31
Posts: 4

Routing issue

Task: To capture LAN traffic on the server.
Topology: Access point connected to a switch (unmanageable). The host and the server are in turn connected to the switch.
Question: I have made a virtual interface on the Linux server (192.168.2.1), which is the default gateway for the other hosts in the network (192.168.2.0). The server itself (192.168.0.2) has the access point (192.168.0.1) as its default gateway. The problem is that the server is receiving packets from the LAN devices but is not forwarding them to the access point to access the internet.


#2 2019-10-31 07:11:04

seth
Member
Registered: 2012-09-03
Posts: 12,895


#3 2019-11-01 08:48:56

gaganbediabcd
Member
Registered: 2019-10-31
Posts: 4

Re: Routing issue

Description='ethernet connection'
Interface=enp0s31f6
Connection=ethernet
IP=static
Address=('192.168.0.113/24')
Gateway='192.168.0.1'
DNS=('8.8.8.8')


Description='Bridge'
Interface=br0
Connection=bridge
BindsToInterfaces=(enp0s31f6)
IP=static
Address='192.168.2.1/24'
Gateway='192.168.0.113'
SkipForwardingDelay=yes


Made a bridge using netctl.
This is the configuration of the interface and the bridge. It still doesn't work, and now even the server cannot reach the internet.


#4 2019-11-01 11:05:03

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 7,355

Re: Routing issue

Please post outputs of

$ ip address
$ ip route
$ ip -6 route

Multi-init booting with apg Openrc and systemd coexisting
Automounting : not needed, i prefer pmount
Aur helpers : makepkg + my own local repo === rarely need them


#5 2019-11-02 08:09:04

gaganbediabcd
Member
Registered: 2019-10-31
Posts: 4

Re: Routing issue

ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 6c:2b:59:d3:01:54 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 66:5b:40:0c:ee:57 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::645b:40ff:fe0c:ee57/64 scope link
       valid_lft forever preferred_lft forever
ip route
192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.1
ip -6 route
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev br0 proto kernel metric 256 pref medium





After executing netctl start br0, the IP on enp0s31f6 disappears.

Last edited by gaganbediabcd (2019-11-02 08:10:32)


#6 2019-11-02 08:31:48

seth
Member
Registered: 2012-09-03
Posts: 12,895

Re: Routing issue

What happened to the virtual interface? What are you actually bridging here?

On a formal note, please edit your posts and wrap shell output, file contents etc. in "code" tags (to enhance readability).


#7 2019-11-02 10:32:49

gaganbediabcd
Member
Registered: 2019-10-31
Posts: 4

Re: Routing issue

[Image: WhatsApp Image 2019-11-02 at 3.13.15 PM.jpeg]

I want to redirect all traffic from the hosts to my server to capture packets (and later I will be configuring iptables). For that I made a virtual interface. Is that the correct approach? If not, how should I do that?
I made a virtual interface (192.168.2.1) with the following:

# ip addr add 192.168.2.1/24 dev enp0s31f6 label enp0s31f6:1

But this is only temporary; after a system reboot, the virtual interface vanishes.

But even with the temporary virtual interface, communication between the 192.168.0.0 and 192.168.2.0 networks is not possible.

 ifconfig
enp0s31f6: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.113  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::6e2b:59ff:fed3:154  prefixlen 64  scopeid 0x20<link>
        ether 6c:2b:59:d3:01:54  txqueuelen 1000  (Ethernet)
        RX packets 133  bytes 35567 (34.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 86  bytes 9409 (9.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xdf000000-df020000  

enp0s31f6:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.1  netmask 255.255.255.0  broadcast 0.0.0.0
        ether 6c:2b:59:d3:01:54  txqueuelen 1000  (Ethernet)
        device interrupt 16  memory 0xdf000000-df020000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 13  bytes 1208 (1.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 13  bytes 1208 (1.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 ip route
default via 192.168.0.1 dev enp0s31f6 
192.168.0.0/24 dev enp0s31f6 proto kernel scope link src 192.168.0.113 
192.168.2.0/24 dev enp0s31f6 proto kernel scope link src 192.168.2.1 
ip -6 route
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev enp0s31f6 proto kernel metric 256 pref medium

So two things: how to make the virtual interface permanent, and how to make communication possible?

Last edited by gaganbediabcd (2019-11-02 10:35:50)


#8 2019-11-02 12:37:15

seth
Member
Registered: 2012-09-03
Posts: 12,895

Re: Routing issue

Do you want to turn the server into a router?
https://wiki.archlinux.org/index.php/Router

Or a NAT gateway?
https://wiki.archlinux.org/index.php/Si … AT_gateway

Because w/ only a dumb switch and nothing else you'll require sth. like that to allow multiple hosts WAN access.

I would advise against using a multi-purpose server (with all sorts of inward services like e.g. mail, ftp, mpd, … and whatnot) for this task and at least use a virtual machine.
If you care about resources: most consumer routers will provide you w/ this (along with the switch), and the typical MIPS or ARM CPU will consume vastly less current than any x86_64 chip, which, for a 24/7 setup, will quickly pay for the hardware.
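
The checks behind the router/NAT-gateway suggestion above, as an added example that is not part of the original thread: a shell function that reads captured command output and reports what is missing before a Linux box can forward LAN traffic upstream. The route tables are the ones posted in #5 and #7; the function name `gateway_findings`, the `ip_forward` value and the NAT rule listings are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Inputs are text captured on the gateway:
#   $1 = output of `ip route`
#   $2 = contents of /proc/sys/net/ipv4/ip_forward
#   $3 = output of `iptables -t nat -S POSTROUTING`
#   $4 = LAN subnet the clients use, e.g. 192.168.2.0/24
gateway_findings() {
    routes=$1 forward=$2 nat=$3 lan=$4

    # Without a default route the box cannot reach the upstream router itself.
    if ! printf '%s\n' "$routes" | grep -q '^default via '; then
        echo "NO_DEFAULT_ROUTE"
    fi
    # The LAN subnet must be directly connected for clients to use this box.
    if ! printf '%s\n' "$routes" | grep -q "^$lan dev "; then
        echo "LAN_NOT_CONNECTED"
    fi
    # The kernel drops transit packets unless IPv4 forwarding is on.
    if [ "$forward" != "1" ]; then
        echo "FORWARDING_OFF"
    fi
    # Upstream has no route back to the LAN subnet unless it is source-NATed
    # (or a static route for it is added on the access point).
    if ! printf '%s\n' "$nat" | grep -e "-s $lan" | grep -q -e 'MASQUERADE' -e 'SNAT'; then
        echo "NO_NAT_FOR_LAN"
    fi
}

# Route tables as posted in the thread (#5 bridge attempt, #7 alias attempt).
ROUTES_BRIDGE='192.168.2.0/24 dev br0 proto kernel scope link src 192.168.2.1'
ROUTES_ALIAS='default via 192.168.0.1 dev enp0s31f6
192.168.0.0/24 dev enp0s31f6 proto kernel scope link src 192.168.0.113
192.168.2.0/24 dev enp0s31f6 proto kernel scope link src 192.168.2.1'
# Constructed value, not from the thread: a rule listing with NAT for the LAN.
NAT_OK='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.2.0/24 -o enp0s31f6 -j MASQUERADE'

# Example run; ip_forward=0 and the empty NAT chain are assumptions.
gateway_findings "$ROUTES_ALIAS" 0 '-P POSTROUTING ACCEPT' 192.168.2.0/24
```

On a live system the three text inputs come from `ip route`, `cat /proc/sys/net/ipv4/ip_forward` and `iptables -t nat -S POSTROUTING` run as root.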
