Re: TAP interface and iptables forwarding/nat/masquerading

On Wed, Jan 14, 2015 at 1:56 PM, Pascal Hambourg <pascal@xxxxxxxxxxxxxxx> wrote:
> Stéphane Charette wrote:
>> This gives me a working home router with nat/masquerading capability.
>
> IIUC, this acts as a "stub" router routing between two networks on the
> same interface. Correct?

Yes, I have one interface connected to my cable modem which DHCPs a
192.168.1.x address, and I'm using the alias (or the TAP interface) to
bring up a different 10.x network for my local machines.

>> But if instead of creating an alias with the ifconfig command, I
>> instead use a TAP device opened up from some C++ code with the same
>> 10.0.1.1/24 address, I don't see any traffic coming into the TAP
>> interface.
>
> How do you send traffic through the TAP interface?

This is the part I'm thinking I did wrong.  How should I get traffic
to flow through the TAP interface?

When I bring up an alias and give it a 10.0.1.1/24 address, all my
other machines are set to use 10.0.1.1 as their router, and everything
works.  All traffic goes to that box, and using "sudo conntrack
--dump" I see all flows.  But when I try to use the TAP interface
instead of the alias, no traffic is flowing through the TAP.  I'm
guessing there is some tap/route/iptables magic that needs to happen so the
TAP interface with a 10.0.1.1 address can be seen?

>> What I eventually want is to have a user-space C++ application that
>> can examine traffic, and make decisions on what traffic to drop,
>> modify packets, or packets to log.  Then that C++ application sends
>> the remaining packets on their way.  Is it possible to use iptables
>> for this?
>
> You may want to check the QUEUE and NFQUEUE targets.

Ah!  Thank you for that hint.  My iptables man page (on Ubuntu 14.10)
is incomplete, and I didn't realize what NFQUEUE did!  Just did a
google search for it, and wow!  I think this may be exactly what I
need.

Stéphane
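Pascal's NFQUEUE hint, as an added example that is not part of this thread: with a rule such as `iptables -A FORWARD -j NFQUEUE --queue-num 0` the kernel holds each forwarded packet until a user-space program returns a verdict, so the box keeps its ordinary 10.0.1.1/24 address and no TAP device is needed. The program below is the per-packet decision core such a filter would call from its libnetfilter_queue callback (the callback registration itself is omitted), with a hypothetical policy: drop forwarded tcp/23, log everything else, and drop anything that cannot be parsed safely. The sample packets are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Verdicts a user-space filter hands back; in a libnetfilter_queue callback
 * they map to NF_DROP / NF_ACCEPT passed to nfq_set_verdict(). The queue is
 * fed by a rule such as: iptables -A FORWARD -j NFQUEUE --queue-num 0 */
enum verdict { VERDICT_DROP = 0, VERDICT_ACCEPT = 1 };
#define BLOCKED_TCP_PORT 23 /* hypothetical policy: no forwarded telnet */

static void log_flow(const char *what, const uint8_t *ip, unsigned detail)
{
    printf("%s %u.%u.%u.%u -> %u.%u.%u.%u (%u)\n", what, ip[12], ip[13],
           ip[14], ip[15], ip[16], ip[17], ip[18], ip[19], detail);
}

/* Inspect one raw IPv4 packet as NFQUEUE delivers it (no link-layer header).
 * Anything that cannot be parsed safely is dropped, not forwarded blind. */
enum verdict inspect_packet(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return VERDICT_DROP; /* short/not IPv4 */
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;  /* header length in bytes */
    if (ihl < 20 || ihl > len) return VERDICT_DROP;         /* malformed IHL */
    if (pkt[9] == 6) {                         /* TCP: ports follow the header */
        if (len < ihl + 4) return VERDICT_DROP;             /* ports truncated */
        unsigned dport = (unsigned)(pkt[ihl + 2] << 8 | pkt[ihl + 3]);
        if (dport == BLOCKED_TCP_PORT) {
            log_flow("drop ", pkt, dport);
            return VERDICT_DROP;
        }
        log_flow("allow", pkt, dport);
    } else log_flow("allow", pkt, pkt[9]);     /* other protocols: log and pass */
    return VERDICT_ACCEPT;
}

/* Constructed samples (checksums zeroed): LAN host 10.0.1.20 talking to the
 * documentation address 198.51.100.7, first on tcp/23 and then on tcp/443. */
static const uint8_t telnet_pkt[24] = {
    0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0, 10, 0, 1, 20,
    198, 51, 100, 7, 0xc3, 0x50, 0x00, 0x17 };
static const uint8_t https_pkt[24] = {
    0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0, 10, 0, 1, 20,
    198, 51, 100, 7, 0xc3, 0x51, 0x01, 0xbb };

int main(void)
{
    inspect_packet(telnet_pkt, sizeof telnet_pkt); /* prints: drop  ... (23) */
    inspect_packet(https_pkt, sizeof https_pkt);   /* prints: allow ... (443) */
    return 0;
}
```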