So, I have two virtual networks and a machine with two interfaces, each on a different virtual network (but both with the same logical network, 192.168.0.0/24).

eth1 : 192.168.0.10

eth2 : 192.168.0.20

I have to do something which looks like a "man in the middle":

                                 |
                                 |       "Man in the middle" machine
    Machine X                    |
 network1 [192.168.0.10  <-------|-> 192.168.0.20 eth2 ]
 --------------------------------|--------------------------------------- 
                                 |
    Machine Y                    |
 network2 [192.168.0.20  <-------|-> 192.168.0.10 eth1 ]
                                 |

I can ping from the MAM machine to network1 or network2 with the interface parameter (ping -I ethX X.X.X.X), and that works (thanks to HERE: rp_filter ...)

But I can't in the other case (ping from an external machine to the MAM machine). With Wireshark I can see the ARP or ping requests, but I think the MAM sees the source IP and links it with its local IP on the other NIC (regardless of the network range of the NIC that received it) and drops or ignores it ...

Any ideas? I'm lost.

(Sorry for my bad English!)

GauWin
  • By "virtual network" do you mean a VLAN, or a totally different switch? – Michael Graff Dec 17 '15 at 21:08
  • All these machines are in vSphere, with different virtual networks – GauWin Dec 18 '15 at 08:29
  • If I understand correctly you want to create a kind of firewall between these two machines that are in the same LAN without changing their configuration at all? – Law29 Dec 18 '15 at 23:35
  • I just want to have an 'invisible' machine between two other machines (so same IP). To do that I have 2 different networks, and the hidden machine has two network cards. [ Machine X <-----> ( "hidden" Machine ) <-----> Machine Y ] But when I ping from Machine X or Y to the hidden machine I have an IP conflict, because the hidden machine has the same IP as the ping source on the other network card (see diagram above) – GauWin Dec 21 '15 at 08:49

1 Answer

You need to configure a bridge and attach your interfaces to it.

Law29
  • You should give information on how to do that, brctl addbr, addif, etc, like this question. http://serverfault.com/q/85966/188579. It won't work in his specific case unless he removes the IPs from the NIC and bridge interfaces. Additionally but possibly not applicable here, many interface types that might be used to construct such a logical network (e.g. tun, gre) cannot be bridged. – Andrew Domaszek Dec 18 '15 at 03:04
  • Ok, sorry if I don't understand, but do I have to create two different bridges and put the interfaces on them? br1 (contains eth1 192.168.0.10) and br2 (contains eth2 192.168.0.20) – GauWin Dec 18 '15 at 09:18
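
The bridge setup named in the answer and in Andrew Domaszek's comment, written out as an added example (it is not part of the original answer or comments). It uses the iproute2 `ip` commands in place of `brctl`; `eth1` and `eth2` come from the question, while the bridge name `br0` and the `APPLY` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example. eth1/eth2 come from the question; br0 and APPLY are assumed names.
# Prints the command plan by default; APPLY=1 (as root) executes it.
BRIDGE="${BRIDGE:-br0}"

# Emit the iproute2 commands, one per line, for bridge $1 and its member NICs.
bridge_plan() {
    plan_br="$1"; shift
    echo "ip link add name $plan_br type bridge"
    for plan_nic in "$@"; do
        # A bridge port must carry no IP address: with 192.168.0.10/.20 left
        # on the NICs, the host keeps owning the same addresses as X and Y.
        echo "ip addr flush dev $plan_nic"
        echo "ip link set dev $plan_nic master $plan_br"
        echo "ip link set dev $plan_nic up"
    done
    echo "ip link set dev $plan_br up"
}

# Accept only two or more distinct, plainly named interfaces.
validate_members() {
    [ "$#" -ge 2 ] || return 1
    seen=" "
    for chk_nic in "$@"; do
        case "$chk_nic" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac
        case "$seen" in *" $chk_nic "*) return 1 ;; esac
        seen="$seen$chk_nic "
    done
    return 0
}

run_bridge() {
    validate_members "$@" || { echo "need 2+ distinct interface names" >&2; return 2; }
    if [ "${APPLY:-0}" = 1 ]; then
        bridge_plan "$BRIDGE" "$@" | while read -r cmd; do
            $cmd || exit 1   # stop at the first failing step
        done
    else
        bridge_plan "$BRIDGE" "$@"
    fi
}

[ "$#" -gt 0 ] || set -- eth1 eth2
run_bridge "$@"
```

The bridge gets no address of its own, so the host stays out of the IP conversation between X and Y. On vSphere, the two port groups typically also have to accept promiscuous mode and forged transmits before a guest bridge passes frames.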