
I have a RHEL 7 (IP 192.168.0.10/24) and a RHEL 8 (IP 192.168.0.11/24) host, both of which are getting duplicated packets from a router which are intended for a different host (IP 192.168.1.10/24). How can I use iptables on the RHEL 7 host and nftables on the RHEL 8 host to modify the destination IP so that each host receives the packet as if it were truly the destination?

Sample packet on the rhel7 host:

[root@rhel7 ~]# tcpdump -nni eth0 port 20800
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
11:43:53.339859 IP 1.2.3.4.22551 > 192.168.1.10.20800: Flags [S], seq 2316850366, win 29200, options [mss 1460,sackOK,TS val 3894703027 ecr 0,nop,wscale 7], length 0

I think something has to be done in the prerouting table, but I didn't have success with this:

iptables -t nat -I PREROUTING -d 192.168.1.10 -j DNAT --to 192.168.0.10

Any suggestions? I assume once the iptables command is figured out, the nftables command can be found using iptables-translate.
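An nftables ruleset for the RHEL 8 host that performs the same destination rewrite the iptables rule above attempts, added here as an example (it is not from the question or the comments). It assumes the addresses and port from the question (source 1.2.3.4, original destination 192.168.1.10, TCP port 20800) and the table name dupnat; it matches only that duplicated flow rather than every packet addressed to 192.168.1.10, and the counter lets you confirm the rule is actually seeing packets before looking elsewhere:

```nft
#!/usr/sbin/nft -f
# Added example for the RHEL 8 host (192.168.0.11); not part of the original question.
# Load:    nft -f dup-dnat.nft
# Inspect: nft list table ip dupnat      (shows packet/byte counters per rule)
# Remove:  nft delete table ip dupnat

table ip dupnat {
    chain prerouting {
        # Priority -100 (dstnat) runs before the routing decision, so once the
        # destination is rewritten the kernel sees a locally addressed packet
        # and delivers it to the local stack instead of trying to forward it.
        type nat hook prerouting priority -100; policy accept;

        # Match only the duplicated flow described in the question (assumed values),
        # count it, and rewrite the destination to this host's own address.
        ip saddr 1.2.3.4 ip daddr 192.168.1.10 tcp dport 20800 counter dnat to 192.168.0.11
    }
}
```

Because dnat is stateful, conntrack will rewrite the source of this host's replies back to 192.168.1.10, so any response the host sends for the duplicated connection leaves with the original destination's address as its source.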

  • This looks like a network configuration error, and you should fix the actual error instead of adding workarounds. – Tero Kilkanen Jan 27 '22 at 19:00
  • I can get access to the router. Do you think the router needs a postrouting rule to change the destination address after the duplication? The duplication rule is `add rule ip filter forward ip saddr 1.2.3.4 ip daddr 192.168.1.10 tcp dport 20800 dup to 192.168.0.10 counter` – glasstea Jan 28 '22 at 10:36
  • One problem is that the same L2 network contains two different IP subnets (`192.168.0.0/24` and `192.168.1.0/24`). Those should be in separate broadcast domains, with a router in between. – Tero Kilkanen Jan 28 '22 at 16:07
