Home / server / Questions / 783180
Accepted
Sander
Asked: 2016-06-11 01:59:49 +0800 CST

Dual interface PC with one IP address

  • 772

I would like to set up a machine with 2 network interfaces in the following setup:

LAN1 <---> PC <---> LAN2

The tricky part is that the PC should be accessible from both LAN1 and LAN2 with the same IP address, and LAN1 and LAN2 should not be connected. So far I've tried:

1) Setting up a bridge on the two interfaces; however bridges are generally designed to forward traffic, and I do not want that behaviour.

2) Setting up a bonding interface with mode 3. This works but sends any reply from the PC out on both interfaces.

Do you guys know any alternatives?

Thanks,

Sander

networking bonding bridge duplicate-ip

2 Answers

  1. I think you mean this:

    • eth0 connected to one network which has 192.168.0.0/24
    • eth1 connected to another network which also has 192.168.0.0/24
    • The network on one side is a different broadcast domain to the network on the other side
    • Your PC to have the same IP address (eg: 192.168.0.1/24) in both networks

    Is that right?

    That's not the correct way to setup a network. The system can only have one interface on which to contact a given subnet.

    Say your system (192.168.0.1) wants to contact another system (192.168.0.2). Which interface should it use? There is no way to tell. If that destination IP exists in both subnets, which is the correct destination system to contact? There is no way to tell.

    You'll need to number each interface differently, like this:

    • eth0 - 192.168.0.1/24
    • eth1 - 192.168.1.1/24

    Then do SNAT and DNAT on the eth1 interface, so your system thinks it's talking to a different network, but iptables is actually rewriting the packets with a different source/dest IP on the way in/out.

    • 1
  2. Best Answer

    I found a neat working solution here myself, sharing it for people with similar problems.

    A bridge was what I needed after all; and you can manipulate the behaviour pretty easily using ebtables. To make sure that the bridge does not forward packets, all I needed to do was change the ebtables "forward" policy to "drop". This makes it so that packets coming in on eth0 are never sent out on eth1, while you still have nice features of a bridge (1 IP reachable from both sides) on your box.

    The PC now listens on both interfaces for the same IP, and chooses on which interface it sends out packets based on its ARP resolutions.

    Code: 

    ebtables -P FORWARD DROP
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
    • 0