On Sat, Feb 15, 2025 at 6:09 AM Alon Bar-Lev <alon.barlev@xxxxxxxxx> wrote:
>
> On Sat, Feb 15, 2025 at 1:57 AM Alon Bar-Lev <alon.barlev@xxxxxxxxx> wrote:
> >
> > Summary: I am trying to access two devices with the same IP address connected locally to a Linux computer, each residing in its own VLAN.

I have made further progress: I use arptables to mangle the ARP request of the host side, but I am still missing the ARP response to the device.

nftables:
---
table ip gnat {
    chain prerouting {
        type filter hook prerouting priority -300; policy accept;
        iifname "v10" ip daddr 10.0.0.11 ip daddr set 192.168.110.11
        iifname "v11" ip daddr 10.0.0.11 ip daddr set 192.168.111.11
        iifname "v10" ip saddr 10.0.0.10 ip saddr set 192.168.110.10
        iifname "v11" ip saddr 10.0.0.10 ip saddr set 192.168.111.10
    }
    chain output {
        type filter hook output priority -300; policy accept;
        oifname "v10" ip saddr 192.168.110.11 ip saddr set 10.0.0.11
        oifname "v11" ip saddr 192.168.111.11 ip saddr set 10.0.0.11
        oifname "v10" ip daddr 192.168.110.10 ip daddr set 10.0.0.10
        oifname "v11" ip daddr 192.168.111.10 ip daddr set 10.0.0.10
    }
}
---

arptables:
---
arptables --new IN
arptables --new OUT
arptables -A IN --in-interface v10 -d 192.168.110.10 -j DROP
arptables -A IN --in-interface v11 -d 192.168.111.10 -j DROP
arptables -A OUT --out-interface v10 -s 192.168.110.10 -j mangle --mangle-ip-d 10.0.0.10
arptables -A OUT --out-interface v11 -s 192.168.111.10 -j mangle --mangle-ip-d 10.0.0.10
---

As far as I could understand, although arptables uses the backward compatibility layer of nftables, the mangle functionality is missing from nftables, so I must still use arptables.

Any hint how I can use arptables or anything else to respond to the device ARP for 10.0.0.1 with the MAC address of the 192.168.110.10 or 192.168.110.11 interfaces? This is the last bit which is missing. I tried all combinations I could find of the arptables mangle; nothing seems to respond to ARP requests from the outside world.

Regards,
Alon
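The nftables rewrites in the message above are stateless, so each prerouting rewrite needs a hand-written output rule that undoes it on the same interface. The following is an added example, not code from the post's author: a small Python model of the posted rules that replays a packet through either chain and lists any rewrite without an inverse. The helper names `parse`, `rewrite` and `unpaired` are hypothetical, and the model covers only the IPv4 header rewrite, not ARP.

```python
import re
from collections import namedtuple
Rule = namedtuple("Rule", "chain ifname field match new")

# Added example (hypothetical helper names). Rules as posted; hook lines omitted.
RULESET = '''
table ip gnat {
    chain prerouting {
        iifname "v10" ip daddr 10.0.0.11 ip daddr set 192.168.110.11
        iifname "v11" ip daddr 10.0.0.11 ip daddr set 192.168.111.11
        iifname "v10" ip saddr 10.0.0.10 ip saddr set 192.168.110.10
        iifname "v11" ip saddr 10.0.0.10 ip saddr set 192.168.111.10
    }
    chain output {
        oifname "v10" ip saddr 192.168.110.11 ip saddr set 10.0.0.11
        oifname "v11" ip saddr 192.168.111.11 ip saddr set 10.0.0.11
        oifname "v10" ip daddr 192.168.110.10 ip daddr set 10.0.0.10
        oifname "v11" ip daddr 192.168.111.10 ip daddr set 10.0.0.10
    }
}
'''

RULE_RE = re.compile(r'[io]ifname "(\w+)" ip ([sd]addr) (\S+) ip \2 set (\S+)')

def parse(text):
    """Extract the address-rewrite rules, remembering which chain holds each."""
    rules, chain = [], None
    for line in text.splitlines():
        c = re.match(r"\s*chain (\w+)", line)
        chain = c.group(1) if c else chain
        m = RULE_RE.search(line)
        if m:
            rules.append(Rule(chain, *m.groups()))
    return rules

def rewrite(rules, chain, ifname, pkt):
    """Apply one chain to a packet dict; every matching rule runs, in order."""
    pkt = dict(pkt)
    for r in rules:
        if (r.chain, r.ifname) == (chain, ifname) and pkt[r.field] == r.match:
            pkt[r.field] = r.new
    return pkt

def unpaired(rules):
    """Prerouting rewrites with no output rule undoing them on the same interface."""
    flip = {"saddr": "daddr", "daddr": "saddr"}
    out = {(r.ifname, r.field, r.match, r.new) for r in rules if r.chain == "output"}
    return [r for r in rules if r.chain == "prerouting"
            and (r.ifname, flip[r.field], r.new, r.match) not in out]
```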