Add a fake hop in tracert?

Question

A client wants to add a fake hop when someone does a traceroute on his IP address. He has two ip addresses, and one interface (no problem, virtual interfaces solve it). How should I proceed? Is this even possible? I tried iptables forwarding but then it won't show up in a traceroute. I haven't tried other methods though (maybe some sort of bridging?)

Here is the current route shown in tracert: Person doing traceroute -> 1.1.1.2

Here is the planned traceroute result: Person doing traceroute -> 1.1.1.1 (fake hop) -> 1.1.1.2

Update: Added some formatting to clarify that it is not an xy problem. I am absolutely open to any solution, not just iptables (Be it a proper one or a dirty hack)

Edit: It's on one host only (Linux). I also want to do this. It doesn't have to be anything fancy. 1.1.1.1 just needs to show up on a traceroute.

My attempt - Not necessarily the right approach

Update: I tried bouncing off the packet from 1.1.1.2 to 1.1.1.1, then mangling it to decrease TTL, then forward it to 1.1.1.2 (Postrouting -j SNAT --to 1.1.1.1).

Edit: Here are the rules I tried, sensitive info removed:

# Generated by iptables-save v1.4.21 on Mon May 18 15:13:18 2015
*nat
:PREROUTING ACCEPT [8:760]
:INPUT ACCEPT [8:760]
:OUTPUT ACCEPT [1:104]
:POSTROUTING ACCEPT [1:104]
-A POSTROUTING -p icmp -m icmp --icmp-type 8 -j SNAT --to-source 1.1.1.1
COMMIT
# Completed on Mon May 18 15:13:18 2015
# Generated by iptables-save v1.4.21 on Mon May 18 15:13:18 2015
*mangle
:PREROUTING ACCEPT [763:151106]
:INPUT ACCEPT [763:151106]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [299:39396]
:POSTROUTING ACCEPT [299:39396]
-A FORWARD -i eth0 -o eth0:0 -p icmp -m icmp --icmp-type 8 -j TTL --ttl-dec 1
COMMIT
# Completed on Mon May 18 15:13:18 2015
# Generated by iptables-save v1.4.21 on Mon May 18 15:13:18 2015
*filter
:INPUT ACCEPT [839:179066]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [303:40704]
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p udp -m udp --dport 33434:33523 -j ACCEPT
-A FORWARD -d 1.1.1.1/32 -o eth0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
COMMIT
# Completed on Mon May 18 15:13:18 2015

Are both IPs on the same host? Is this a linux or windows host? Please update your question. I'll replace this with the relevant answer should I be able to help. — Hououin Kyouma, May 18 '15 at 16:05
This sounds like an xy problem. http://xyproblem.info/ any chance you can elaborate? — caskey, May 19 '15 at 03:23

score 0 · Answer 1 · answered May 19 '15 at 08:31

In theory, the following should work and achieve what you are seeking.

create a new virtual interface on the server in question and assign it with an IP address, http://linuxconfig.org/configuring-virtual-network-interfaces-in-linux
set the origin IP address/interface so that it points to the new virtual interface that was created in the previous set by altering the routing table (In effect, it becomes a new router/gateway between the source and the target), http://linux-ip.net/html/basic-changing.html

score 0 · Answer 2 · answered May 22 '15 at 14:49

Ok so the only way I can think of is doing so on the host initiating the request. You can add the additional interface there and bond it to an adapter and add routes to have it flow through that interface. The main reason for that is that when the switch finds the MAC address tied to IP 1.1.1.2, your trace will end.

Should you not want to change the requester host for this, you will need to make network changes like modifying the router mimic the additional hop.

Add a fake hop in tracert?

2 Answers2