Dual interface PC with one IP address

Question

I would like to set up a machine with 2 network interfaces in the following setup:

LAN1 <---> PC <---> LAN2

The tricky part is that the PC should be accessible from both LAN1 and LAN2 with the same IP address, and LAN1 and LAN2 should not be connected. So far I've tried:

1) Setting up a bridge on the two interfaces; however bridges are generally designed to forward traffic, and I do not want that behaviour.

2) Setting up a bonding interface with mode 3. This works but sends any reply from the PC out on both interfaces.

Do you guys know any alternatives?

Thanks,

Sander

I think what you're looking for are Linux network namespaces — HBruijn, Jun 10 '16 at 10:10
@HBruijn Thanks for pointing me in this direction, it works well with (ar)ping etc. , but my own applications (both server- and client-style) are not reachable/useable. Do you happen to know how to use them? — Sander, Jun 20 '16 at 07:35

score 1 · Answer 1 · answered Jun 16 '16 at 11:14

I think you mean this:

eth0 connected to one network which has 192.168.0.0/24
eth1 connected to another network which also has 192.168.0.0/24
The network on one side is a different broadcast domain to the network on the other side
Your PC to have the same IP address (eg: 192.168.0.1/24) in both networks

Is that right?

That's not the correct way to setup a network. The system can only have one interface on which to contact a given subnet.

Say your system (192.168.0.1) wants to contact another system (192.168.0.2). Which interface should it use? There is no way to tell. If that destination IP exists in both subnets, which is the correct destination system to contact? There is no way to tell.

You'll need to number each interface differently, like this:

eth0 - 192.168.0.1/24
eth1 - 192.168.1.1/24

Then do SNAT and DNAT on the eth1 interface, so your system thinks it's talking to a different network, but iptables is actually rewriting the packets with a different source/dest IP on the way in/out.

I agree this is not a normal way to set up a network - I left out quite some details for simplicity sake, but it is basically what I need. Interesting idea, however I do not agree with you that there is no way to tell on which side a frame should be sent out; a bridge setup will send out ARP requests on both sides and will then send out its IP packets based on its ARP resolution. I've found a way myself in the meantime, see my own answer. — Sander, Jun 21 '16 at 14:54

score 0 · Accepted Answer · answered Jun 21 '16 at 14:46

I found a neat working solution here myself, sharing it for people with similar problems.

A bridge was what I needed after all; and you can manipulate the behaviour pretty easily using ebtables. To make sure that the bridge does not forward packets, all I needed to do was change the ebtables "forward" policy to "drop". This makes it so that packets coming in on eth0 are never sent out on eth1, while you still have nice features of a bridge (1 IP reachable from both sides) on your box.

The PC now listens on both interfaces for the same IP, and chooses on which interface it sends out packets based on its ARP resolutions.

Code:

ebtables -P FORWARD DROP
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1

Interesting abuse of the bridge driver. – suprjami Jun 22 '16 at 20:11 — suprjami, Jun 22 '16 at 20:11

Dual interface PC with one IP address

2 Answers2