On a CentOS 5.5 laptop (Dell Inspiron, dual boot with a Debian-based distro) I have a cable plugged into eth0 which is on a LAN with no internet connection. Additionally, I connect wirelessly on wlan0 to the internet. Both connections have router on the 192.168.0.1 address.
Although I need to stay connected to the wireless router, can I still access the address 192.168.0.1 on the wired interface? Some googling led me to the keyword "loopback" but I am at a loss as how to configure it, or if this is even the right idea. If there is a specific page that I should be reading in the fine manual then please do RTFM me, as I myself failed to find the proper page.
Thanks in advance.
Dotan,
On 6 November 2010 13:04, Dotan Cohen dotancohen@gmail.com wrote:
Although I need to stay connected to the wireless router, can I still access the address 192.168.0.1 on the wired interface? Some googling led me to the keyword "loopback" but I am at a loss as how to configure it, or if this is even the right idea. If there is a specific page that I should be reading in the fine manual then please do RTFM me, as I myself failed to find the proper page.
I think I need to drink more coffee because I'm failing to understand what you're trying to achieve.
If wlan and eth0 are connected to the same network with different IPs and you want to use the eth0's IP address on wlan0 when eth0 is not connected, you use ifconfig with wlan0:1 notation to assign eth0's IP to wlan0:1.
If you want to access from your LAN network to your WiFi network, you need to set up one of the following:
a) a bridge (assuming you want to join your WLAN and LAN networks)
b) a masquerading setup
c) plain old routing between two networks
All of them should work but behave slightly differently. Bridge is useful when you want to join two networks, masquerade is OK if you don't want to access from WiFi network to your LAN network, otherwise you will have to set up port forwardings; if you chose to route in between, then your WiFi router needs to be aware of your LAN and have your laptop in between as a gateway to route the correct packets.
On 6 November 2010 13:04, Dotan Cohen dotancohen@gmail.com wrote:
Although I need to stay connected to the wireless router, can I still access the address 192.168.0.1 on the wired interface? Some googling led me to the keyword "loopback" but I am at a loss as how to configure it, or if this is even the right idea. If there is a specific page that I should be reading in the fine manual then please do RTFM me, as I myself failed to find the proper page.
(re-reading what you wrote) I think I now get it.
You want to use both network cards at the same time. Yes, it's doable. The easiest method would be bonding.
On Sat, Nov 6, 2010 at 15:52, Hakan Koseoglu hakan@koseoglu.org wrote:
You want to use both network cards at the same time. Yes, it's doable. The easiest method would be bonding.
Yes, both cards at the same time. They are on different networks: eth0 is connected to an internet-less LAN, and wlan0 is connected to a router that connects it with the internet. Both networks have devices on 192.168.0.1 and I need to access (via port 80 in a web browser) both those devices at the same time.
It seems that bonding is "aggregating multiple ethernet channels together to form a single channel", not quite what I am looking for.
To be more specific: I am connected to the internet via wlan0. When I type 192.168.0.1 into my web browser, I get the web control panel of the Linksys router that manages that wireless network. However, at the moment I need to access the web control panel of the D-Link router that manages my eth0 LAN, also on 192.168.0.1 but on the eth0 interface. How can this be done?
Dotan Cohen
On 06.11.10 15:13, Dotan Cohen wrote:
To be more specific: I am connected to the internet via wlan0. When I type 192.168.0.1 into my web browser, I get the web control panel of the Linksys router that manages that wireless network. However, at the moment I need to access the web control panel of the D-Link router that manages my eth0 LAN, also on 192.168.0.1 but on the eth0 interface. How can this be done?
Set a temporary additional route:
# ip ro add 192.168.0.1/32 dev eth0
You can get rid of it again with:
# ip ro del 192.168.0.1
However, maybe you really should get rid of such "doubled" addresses or networks.
On Sat, Nov 6, 2010 at 16:29, Markus Falb markus.falb@fasel.at wrote:
Set a temporary additional route:
# ip ro add 192.168.0.1/32 dev eth0
You can get rid of it again with:
# ip ro del 192.168.0.1
Thanks, that is what I need to know! I should be able to google it from here.
However, maybe you really should get rid of such "doubled" addresses or networks.
Neither side is willing to budge, it's my own doing really and it's in a learning environment, not a business environment, so I learn what I can from it! CentOS seems to be very flexible and configurable, doubly so regarding anything to do with a network, and this is a great way to learn about both the OS and networks in general.
On 11/06/10 7:29 AM, Markus Falb wrote:
On 06.11.10 15:13, Dotan Cohen wrote:
To be more specific: I am connected to the internet via wlan0. When I type 192.168.0.1 into my web browser, I get the web control panel of the Linksys router that manages that wireless network. However, at the moment I need to access the web control panel of the D-Link router that manages my eth0 LAN, also on 192.168.0.1 but on the eth0 interface. How can this be done?
Set a temporary additional route:
# ip ro add 192.168.0.1/32 dev eth0
You can get rid of it again with:
# ip ro del 192.168.0.1
that temporary route will break his internet access, since 192.168.0.1 is ALSO his internet gateway on the W-LAN side.
there's no way around this. if you can readdress one or the other LAN, then this would just work all the time.
On Sat, Nov 6, 2010 at 19:10, John R Pierce pierce@hogranch.com wrote:
that temporary route will break his internet access, since 192.168.0.1 is ALSO his internet gateway on the W-LAN side.
there's no way around this. if you can readdress one or the other LAN, then this would just work all the time.
This is on the Internet-connected interface:
wlan0     Link encap:Ethernet  HWaddr 00:18:de:98:c7:34
          inet addr:192.168.0.26  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::218:deff:fe98:c734/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:114879 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78945 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:104017653 (104.0 MB)  TX bytes:11292782 (11.2 MB)
And this is on the LAN-connected interface:
eth0      Link encap:Ethernet  HWaddr 00:15:c5:c8:13:d1
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::215:c5ff:fec8:13d1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1921474 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8322288 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:146445850 (146.4 MB)  TX bytes:3479224403 (3.4 GB)
          Interrupt:17
I'm not booted into CentOS at the moment (I just rebooted to Ubuntu because my Thunderbird mail is there) but I can reboot if there is any other info that might be relevant. I'm really surprised that it is this difficult (I don't yet believe impossible!) and just assumed that I'm doing things wrong. As the saying goes, if in Linux it is getting difficult, then you are probably doing it wrong! Surely I am not the first person who is connected to two separate LANs and needs to access addresses on both of them.
On 11/06/2010 10:29 AM, Dotan Cohen wrote:
Surely I am not the first person who is connected to two separate LANs and needs to access addresses on both of them.
No. You're just one of the first to want to do it with both sub-nets set up with THE SAME NETWORK ADDRESS.
Move one. Both are adjustable.
On Sat, Nov 6, 2010 at 20:05, KevinO kevin@kevino.org wrote:
No. You're just one of the first to want to do it with both sub-nets set up with THE SAME NETWORK ADDRESS.
Move one. Both are adjustable.
I see! Is there no way to do specify which interface (eth0 / wlan0) to use for the rest of a terminal session, without affecting other running processes? The problem pretty much reduces to this.
On 11/06/2010 11:10 AM, Dotan Cohen wrote:
On Sat, Nov 6, 2010 at 20:05, KevinO kevin@kevino.org wrote:
No. You're just one of the first to want to do it with both sub-nets set up with THE SAME NETWORK ADDRESS.
Move one. Both are adjustable.
I see! Is there no way to do specify which interface (eth0 / wlan0) to use for the rest of a terminal session, without affecting other running processes? The problem pretty much reduces to this.
It boils down to the routing table, which is based on IP address, and this table is system wide.
On Sat, Nov 6, 2010 at 20:14, KevinO kevin@kevino.org wrote:
It boils down to the routing table, which is based on IP address, and this table is system wide.
I see, thanks.
On 11/06/2010 11:10 AM, Dotan Cohen wrote:
On Sat, Nov 6, 2010 at 20:05, KevinO kevin@kevino.org wrote:
No. You're just one of the first to want to do it with both sub-nets set up with THE SAME NETWORK ADDRESS.
Move one. Both are adjustable.
I see! Is there no way to do specify which interface (eth0 / wlan0) to use for the rest of a terminal session, without affecting other running processes? The problem pretty much reduces to this.
The only other solutions I can come up with involve adding another machine, either virtual or physical.
From: Dotan Cohen dotancohen@gmail.com
This is on the Internet-connected interface:
wlan0     Link encap:Ethernet  HWaddr 00:18:de:98:c7:34
          inet addr:192.168.0.26  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::218:deff:fe98:c734/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:114879 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78945 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:104017653 (104.0 MB)  TX bytes:11292782 (11.2 MB)
And this is on the LAN-connected interface:
eth0      Link encap:Ethernet  HWaddr 00:15:c5:c8:13:d1
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::215:c5ff:fec8:13d1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1921474 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8322288 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:146445850 (146.4 MB)  TX bytes:3479224403 (3.4 GB)
          Interrupt:17
Not sure if it will work but worth the try... If wlan0 is only for the internet (so no 192.168.x.y destinations), have a default gateway pointing to wlan0. Then have the 192.168.0.0 point to eth0. Something like:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
JD
On 6 November 2010 14:13, Dotan Cohen dotancohen@gmail.com wrote:
To be more specific: I am connected to the internet via wlan0. When I type 192.168.0.1 into my web browser, I get the web control panel of the Linksys router that manages that wireless network. However, at the moment I need to access the web control panel of the D-Link router that manages my eth0 LAN, also on 192.168.0.1 but on the eth0 interface. How can this be done?
OK, I got it wrong earlier. Not possible without breaking your WLan network. It's much easier to move the D-Link router to 192.168.0.2 or something else, in most cases it doesn't matter where the router sits. Better, move one of them to another private network subnet (192.168.1.0/24 maybe?)
On Sat, Nov 6, 2010 at 19:35, Hakan Koseoglu hakan@koseoglu.org wrote:
OK, I got it wrong earlier. Not possible without breaking your WLan network. It's much easier to move the D-Link router to 192.168.0.2 or something else, in most cases it doesn't matter where the router sits. Better, move one of them to another private network subnet (192.168.1.0/24 maybe?)
Thanks, Hakan. I control neither router! The wireless admin doesn't even understand that her wifi is unsecured (but she says that if I can connect via her connection "somehow" and don't cause trouble, she doesn't mind) and the wired network has too many other-people things already connecting to the 192.168.0.1 address that it would not be feasible to change.
I'll google it some more, this is more of a learning experience for me than a critical issue. I seem to be a bit too convinced that somehow this is possible, and so long as I'm learning I will continue to try. I'll post back if I have any success.
Thanks.
On Nov 6, 2010, at 9:04 AM, Dotan Cohen wrote:
Both connections have router on the 192.168.0.1 address.
Although I need to stay connected to the wireless router, can I still access the address 192.168.0.1 on the wired interface?
What you want is a NAT to take, say, 192.168.1.0/24 and translate it to the eth0 192.168.0.0/24 network, where the translation occurs at the egress of eth0 (that is, the 192.168.1.0/24 route is set to go out eth0, and the egress (and by extension the ingress) traffic gets translated).
How you would do this in iptables I'm not sure; I've done it with Cisco hardware, as this is a common issue when joining two RFC 1918 networks together that have overlapping address space.
But at the end you would access 192.168.1.1 and it would get translated to 192.168.0.1 at the eth0 point and wouldn't interfere with the wlan0 version of the 192.168.0.1 address. I'm not exactly 100% sure it can be done without an external NAT box, but a small external router that can do NAT would make it much easier.
On Sat, Nov 6, 2010 at 20:51, Lamar Owen lowen@pari.edu wrote:
On Nov 6, 2010, at 9:04 AM, Dotan Cohen wrote:
Both connections have router on the 192.168.0.1 address.
Although I need to stay connected to the wireless router, can I still access the address 192.168.0.1 on the wired interface?
What you want is a NAT to take, say, 192.168.1.0/24 and translate it to the eth0 192.168.0.0/24 network, where the translation occurs at the egress of eth0 (that is, the 192.168.1.0/24 route is set to go out eth0, and the egress (and by extension the ingress) traffic gets translated).
How you would do this in iptables I'm not sure; I've done it with Cisco hardware, as this is a common issue when joining two RFC 1918 networks together that have overlapping address space.
But at the end you would access 192.168.1.1 and it would get translated to 192.168.0.1 at the eth0 point and wouldn't interfere with the wlan0 version of the 192.168.0.1 address. I'm not exactly 100% sure it can be done without an external NAT box, but a small external router that can do NAT would make it much easier.
That is not what I am trying to do, I will try to rephrase: I have a laptop connected to two network interfaces: eth0 and wlan0. Each interface connects to a different LAN. Both LANs have machines on the 192.168.0.1 address that I must access via port 80 in a web browser.
I don't need to access each one at the same time, but I do need to leave both interfaces up for other software running on this machine. CentOS 5.5, Dell Inspiron laptop.
I suppose that I need either:
1) An address system such as eth0:192.168.0.1 and wlan0:192.168.0.1 (syntax invented to illustrate idea, it doesn't really work!)
-or-
2) A way to do something like this as a user without affecting other users:
$ export INTERFACE=eth0
$ lynx 192.168.0.1
$ export INTERFACE=wlan0
$ lynx 192.168.0.1
-or-
3) A pony.
On Nov 6, 2010, at 4:05 PM, Dotan Cohen wrote:
On Sat, Nov 6, 2010 at 20:51, Lamar Owen lowen@pari.edu wrote:
But at the end you would access 192.168.1.1 and it would get translated to 192.168.0.1 at the eth0 point and wouldn't interfere with the wlan0 version of the 192.168.0.1 address. I'm not exactly 100% sure it can be done without an external NAT box, but a small external router that can do NAT would make it much easier.
That is not what I am trying to do, I will try to rephrase: I have a laptop connected to two network interfaces: eth0 and wlan0. Each interface connects to a different LAN. Both LANs have machines on the 192.168.0.1 address that I must access via port 80 in a web browser.
I don't need to access each one at the same time, but I do need to leave both interfaces up for other software running on this machine. CentOS 5.5, Dell Inspiron laptop.
Right, I understood that. If you did a NAT you would access the WLAN one with its native 192.168.0.1, and the other one on eth0 with the translated (also RFC 1918) address, whatever you might have set that to. Now, I do realize that some routers will re-inject their IP address into URLs, and that might break things; fixable using DNS, but that's neither here nor there.
And your machine itself needs access to both routers at the same time, whether you do or not, as you've described things, since one of those routers is the default gateway for the machine.
I suppose that I need either:
- An address system such as eth0:192.168.0.1 and wlan0:192.168.0.1
(syntax invented to illustrate idea, it doesn't really work!)
-or-
- A way to do something like this as a user without affecting other users:
$ export INTERFACE=eth0
$ lynx 192.168.0.1
$ export INTERFACE=wlan0
$ lynx 192.168.0.1
2.5) The iptables -mowner --uid-owner rule might help you. (see http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#OWNERMATCH )
It has breakage as noted in the tutorial, however.
Packet routing isn't designed to switch between multiple devices with the same address; the interface used isn't supposed to matter, in the eyes of the routing table (and in normal IP practice). Addresses are supposed to be unique, from the point of view of any given IP host, in other words. This is the problem NAT was invented to solve. Some routing protocols deal with this in ways, but, again, these protocols assume that if the address is the same, it's going to the same host. But you already knew all that.....and I know you already knew all that.
-or-
- A pony.
Choice three, like much of the whole IP routing infrastructure, leaves piles of poo lying around in too many places....
Lamar Owen wrote:
On Nov 6, 2010, at 4:05 PM, Dotan Cohen wrote:
On Sat, Nov 6, 2010 at 20:51, Lamar Owen lowen@pari.edu wrote:
But at the end you would access 192.168.1.1 and it would get translated to 192.168.0.1 at the eth0 point and wouldn't interfere with the wlan0 version of the 192.168.0.1 address. I'm not exactly 100% sure it can be done without an external NAT box, but a small external router that can do NAT would make it much easier.
That is not what I am trying to do, I will try to rephrase: I have a laptop connected to two network interfaces: eth0 and wlan0. Each interface connects to a different LAN. Both LANs have machines on the 192.168.0.1 address that I must access via port 80 in a web browser.
I don't need to access each one at the same time, but I do need to leave both interfaces up for other software running on this machine. CentOS 5.5, Dell Inspiron laptop.
Right, I understood that. If you did a NAT you would access the WLAN one with its native 192.168.0.1, and the other one on eth0 with the translated (also RFC 1918) address, whatever you might have set that to. Now, I do realize that some routers will re-inject their IP address into URLs, and that might break things; fixable using DNS, but that's neither here nor there.
And your machine itself needs access to both routers at the same time, whether you do or not, as you've described things, since one of those routers is the default gateway for the machine.
I suppose that I need either:
- An address system such as eth0:192.168.0.1 and wlan0:192.168.0.1
(syntax invented to illustrate idea, it doesn't really work!)
-or-
- A way to do something like this as a user without affecting other users:
$ export INTERFACE=eth0
$ lynx 192.168.0.1
$ export INTERFACE=wlan0
$ lynx 192.168.0.1
2.5) The iptables -mowner --uid-owner rule might help you. (see http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#OWNERMATCH )
It has breakage as noted in the tutorial, however.
Packet routing isn't designed to switch between multiple devices with the same address; the interface used isn't supposed to matter, in the eyes of the routing table (and in normal IP practice). Addresses are supposed to be unique, from the point of view of any given IP host, in other words. This is the problem NAT was invented to solve. Some routing protocols deal with this in ways, but, again, these protocols assume that if the address is the same, it's going to the same host. But you already knew all that.....and I know you already knew all that.
To amplify this just a little bit, by the rules of IP routing, every machine must:
A) Have a unique address.
B) Be attached to the proper subnet for that address as defined by the local netmask.
Once those are true, there exists a unique route between any two machines connected to the network, or the Internet.
Having said that, part of the 192.168 address block is unique in that it cannot be routed over the Internet. It doesn't exist anywhere as far as those routers are concerned. However, there is a way to map that block of local addresses to routeable addresses, called Network Address Translation (NAT). All you need is one router between the private block and the Internet that you can use to do that mapping. Most firewalls can handle that in their sleep.
So what you need is a way to insert a router between your software and one of your devices with the duplicated address. That router would then translate the addresses in one of those subnets into a unique address that won't conflict with the other. Personally, I would probably use a VM with FreeBSD and/or m0n0wall.
But I still wonder if you are unique in finding this address collision, or do others also have the same problem? If it is widespread, then it should be solved by the people managing those devices.
Bob McConnell N2SPP
On Nov 6, 2010, at 5:19 PM, Bob McConnell wrote:
But I still wonder if you are unique in finding this address collision, or do others also have the same problem? If it is widespread, then it should be solved by the people managing those devices.
Nah; one of the prominent use cases for NAT on Cisco routers is linking between two overlapping networks. (see http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_examp... )
This happens when companies merge, for instance, and both of them used the same or overlapping RFC1918 networks; happens a lot with 10.0.0.0/8 and 192.168.0.0/16 (mostly in the 192.168.0.0/24 and 192.168.1.0/24), not so much in 172.16.0.0/12 (which then becomes a popular pool to NAT the overlappers to). Judicious NAT and split DNS help solve the problem until things can get renumbered. Large networks never do get renumbered, and NAT between enterprise networks lives on.
IPv6 includes a large block of ULA addresses to hopefully reduce collisions of this sort for non-globally-routed addresses.
On Sat, 2010-11-06 at 17:19 -0400, Bob McConnell wrote:
So what you need is a way to insert a router between your software and one of your devices with the duplicated address. That router would then translate the addresses in one of those subnets into a unique address that won't conflict with the other. Personally, I would probably use a VM with FreeBSD and/or m0n0wall.
But I still wonder if you are unique in finding this address collision, or do others also have the same problem? If it is widespread, then it should be solved by the people managing those devices.
See http://shorewall.net/netmap.html
Shorewall firewall allows one to remap addresses.
regards, Louis
On Sat, Nov 6, 2010 at 23:19, Bob McConnell rmcconne@lightlink.com wrote:
To amplify this just a little bit, by the rules of IP routing, every machine must:
A) Have a unique address.
B) Be attached to the proper subnet for that address as defined by the local netmask.
Once those are true, there exists a unique route between any two machines connected to the network, or the Internet.
Both those conditions are met in this use case, however the machine in question is on two networks:
|--Network1--|--Network2--|
A            C            B
A: router on the wireless network
B: router on the wired network
C: CentOS laptop
Each router has a unique address on its own network, as per spec. The laptop is connected to two networks, on two different interfaces. The networks were never designed to be connected, and in fact there is no connection between them.
Correct me if I'm wrong, but NAT is what C would do to let a computer on Network1 access a resource on Network2. C would be the gateway, rerouting packets between the two networks and correcting for address used on both sides.
However, I am not trying to create a gateway! In this case, C itself (as a workstation) needs to access resources on both networks.
On 8 November 2010 09:34, Dotan Cohen dotancohen@gmail.com wrote:
Both those conditions are met in this use case, however the machine in question is on two networks:
|--Network1--|--Network2--|
A            C            B
A: router on the wireless network
B: router on the wired network
C: CentOS laptop
Dotan, CentOS, Ubuntu or Windows, it does not matter. You cannot access both networks at the same time unless you bridge them and even then you can only have the machines with unique addresses.
You did say that you're not interested in one of the networks when accessing the other one. Simply pull down your wifi network (ifconfig wlan down), delete the arp entry (see arp -d), and then try accessing the 2nd IP again.
This is how TCP/IP works, it's composed of networks and within a network you can only have a machine with a unique IP address.
NAT hides the 2nd network and you can set up forward rules to access behind the NAT. That's why we have been mentioning NAT.
Dotan Cohen wrote:
On Sat, Nov 6, 2010 at 23:19, Bob McConnell rmcconne@lightlink.com wrote:
To amplify this just a little bit, by the rules of IP routing, every machine must:
A) Have a unique address.
B) Be attached to the proper subnet for that address as defined by the local netmask.
Once those are true, there exists a unique route between any two machines connected to the network, or the Internet.
Both those conditions are met in this use case, however the machine in question is on two networks:
|--Network1--|--Network2--|
A            C            B
A: router on the wireless network
B: router on the wired network
C: CentOS laptop
Each router has a unique address on its own network, as per spec. The laptop is connected to two networks, on two different interfaces. The networks were never designed to be connected, and in fact there is no connection between them.
But by dual homing your laptop on the two subnets simultaneously, you are breaking those rules. Neither the subnets nor the host address are unique any longer from the laptop's perspective. It sees two identical subnets with different routes but cannot reliably determine which subnet any particular process is trying to reach. In fact, it may even try to send packets for one socket out the other port when the first port is busy, thinking it actually has multiple routes to the same subnet.
Correct me if I'm wrong, but NAT is what C would do to let a computer on Network1 access a resource on Network2. C would be the gateway, rerouting packets between the two networks and correcting for address used on both sides.
No, NAT would simply change the apparent addresses on Network2 to a space that doesn't conflict with Network1. C is the only common point and it should never be routing packets between those networks.
However, I am not trying to create a gateway! In this case, C itself (as a workstation) needs to access resources on both networks.
Yes, you are trying to create a gateway for your laptop. You need a router between C and one of the two networks with NAT capabilities so that your laptop will see a unique path to each subnet. i.e.
|--Network1--|--wlan0-.-eth0--|--NAT--|--Network2--|
A                    C                             B
Now, this could be as simple as a cable router set up for a different LAN subnet, or it could be a VM on your laptop configured as a router. That would produce something more like this.
|--Network1--|--wlan0-.-NAT--eth0--|--Network2--|
A                    C                          B
Nothing in Network2 has to change, but the NAT translates those addresses into a space that no longer conflicts with Network1. That restores the uniqueness requirements for your laptop.
HTH,
Bob McConnell N2SPP
On 11/8/2010 3:34 AM, Dotan Cohen wrote:
On Sat, Nov 6, 2010 at 23:19, Bob McConnell rmcconne@lightlink.com wrote:
To amplify this just a little bit, by the rules of IP routing, every machine must:
A) Have a unique address.
B) Be attached to the proper subnet for that address as defined by the local netmask.
Once those are true, there exists a unique route between any two machines connected to the network, or the Internet.
Both those conditions are met in this use case, however the machine in question is on two networks:
|--Network1--|--Network2--|
A            C            B
You are missing the big picture and the most fundamental thing about internet connectivity and routing. There aren't 2 networks. Everything you can reach is one network. On the public side, unique addresses are enforced because there is a hierarchy of address delegation. On private networks behind NAT you can do anything you want, but it isn't going to work unless you have unique addresses for all reachable destinations. Your problem is an unfortunate consequence of virtually all consumer-type NAT routers using 192.168.0/24 as their default internal subnet. IP protocols use the destination address early in the routing decision to pick the interface to use to send to the next hop. That can't work if you have to send to the same destination address in 2 different places. If you are interested in learning about this, find an IP routing reference that show the address and netmask as binary values. It is very easy to understand when you line up the bits of the addresses and netmasks in binary.
A: router on the wireless network
B: router on the wired network
C: CentOS laptop
Each router has a unique address on its own network, as per spec.
No, once these subnets are connected to a common machine, you have one network. But it won't work.
The laptop is connected to two networks, on two different interfaces. The networks were never designed to be connected, and in fact there is no connection between them.
As soon as your machine connects to both they are connected.
Correct me if I'm wrong, but NAT is what C would do to let a computer on Network1 access a resource on Network2. C would be the gateway, rerouting packets between the two networks and correcting for address used on both sides.
Yes, but you have to present a unique address for forwarding. An intermediate machine with an intermediate subnet range could nat and present a different address to you, but one machine can't deal with 2 different directly connected destinations with the same address.
However, I am not trying to create a gateway! In this case, C itself (as a workstation) needs to access resources on both networks.
There's no difference in routing packets that have come from some other machine and routing packets from your own applications. The IP layer that decides where to send the packet for its next hop will look at the destination address and has to be able to figure out which interface to send it out. That's obviously impossible when you have the same address connected to two different interfaces at the same time.
There are an assortment of ways to tackle the problem if you can't apply the obvious solution and change the subnet addressing on one side or the other. The simplest might be to run a virtual machine (vmware, virtualbox, etc.) that is bridged to the wireless interface without letting the host itself get an address there. That would maintain the isolation you need between the target addresses. Or, you could arrange for some other connection (vpn or physical) to a machine on the wireless network (even the virtual machine above), where this connection would have its own unique subnet range. Then you'd be able to use nat or a proxy to get forwarding to the other subnet, hiding the real destination address.
On Monday, November 08, 2010 04:34:00 am Dotan Cohen wrote:
Both those conditions are met in this use case, however the machine in question is on two networks:
|--Network1--|--Network2--|
A            C            B

A: router on the wireless network
B: router on the wired network
C: CentOS laptop
However, I am not trying to create a gateway! In this case, C itself (as a workstation) needs to access resources on both networks.
Well, this runs afoul of one of the annoyances with IP. That is, IP addresses don't belong to the host; they belong to the interface. Even on a cisco router, to assign the router itself an interface requires a loopback interface be created.
I understand what you want to do; I'm just saying that, unless you can assign a user's applications to a VRF (using cisco terminology; typically done by binding the application to a source address in that VRF) and then use multiple VRF's in the kernel, the kernel assumes that both references to 192.168.0.1 refer to the same device (from the point of view of the kernel, unless you have set up multiple routing tables, there is only one layer 3 network here), and it will choose the interface according to other criteria in the routing tables.
I remember seeing your ifconfig output... yes, you had:

wlan0: 192.168.0.26/255.255.255.0
eth0: 192.168.0.101/255.255.255.0

However, you didn't provide routing table output... at least, I don't remember seeing netstat -r or ip route output. So I'm assuming that you haven't set up multiple routing tables.
This means, from the kernel's point of view, that wlan0 and eth0 are not only in the same layer 3 network, but also on the same subnet/layer 2 segment (thanks to the /24 netmask; the kernel is going to send the packets out one of the interfaces based on the kernel's rules for local subnets). No two hosts can have the same IP address on the same layer 2 segment; as far as the kernel is concerned, eth0 and wlan0 are on the same layer 2 segment. ( http://linux-ip.net/html/basic-reading.html#basic-local-network )
Now, if you want to do it with routing tables, you can. The difficult part is getting the web browser to select the right source IP address (according to which interface you want to use), and then you have to write the routing rules based on source address. It's easier with in-kernel NAT (allowing traffic on the default source IP address to access the desired device solely based on the destination's IP address; and, again, I'm talking entirely from the point of view of the kernel on host C here), but it is doable with policy routing and multiple tables.
A relevant guide is found at: http://linux-ip.net/html/index.html
It has lots of details.
Two things have to happen:

1.) You have to set the source IP address to bind per application or per user or based on ENV variable;

2.) You have to have two routing tables, with routing based on the bound source address being on one interface or the other (since the destination address is not unique, and since the destination address is the primary route selector, you have to configure a secondary route selector; source IP address is supported through policy routing).
Again, all talk of routing here is from the kernel's point of view on host C (in your diagram). But, even then this may or may not work, since both networks are locally attached; you might just have to experiment with it. I did some googling on the subject, but nothing I was able to find in a reasonably short time fit your exact circumstances.
I'll have to admit to some curiosity in how to do this myself; I might lab it up one day and see, when I have more time to spend on it.
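Lamar's two-step recipe (bind the source address, then route on it) as an added shell sketch for host C; this is not code from the thread. The addresses are the ones from the quoted ifconfig output; the table numbers, rule priorities and the rp_filter/arp_filter sysctls are assumptions of mine.

```shell
#!/bin/sh
# Added example, not from the thread: policy routing on host C so that the
# bound source address, not the (duplicate) destination 192.168.0.1, picks
# the interface. Table numbers 100/200 and the sysctls are assumptions.
WLAN_IF=wlan0; WLAN_IP=192.168.0.26
ETH_IF=eth0;   ETH_IP=192.168.0.101
SUBNET=192.168.0.0/24; ROUTER=192.168.0.1

# Emit the plan as text so it can be reviewed (or piped to sh as root)
# before touching a live box.
policy_route_commands() {
    cat <<EOF
ip route add $SUBNET dev $WLAN_IF src $WLAN_IP table 100
ip route add default via $ROUTER dev $WLAN_IF table 100
ip route add $SUBNET dev $ETH_IF src $ETH_IP table 200
ip rule add from $WLAN_IP table 100 priority 100
ip rule add from $ETH_IP table 200 priority 200
sysctl -w net.ipv4.conf.all.rp_filter=2
sysctl -w net.ipv4.conf.all.arp_filter=1
EOF
}

# Resolve which table a packet bound to a given source address would hit,
# by scanning the "ip rule" lines above (the secondary selector Lamar
# describes); anything else falls through to the main table.
table_for_source() {
    policy_route_commands | awk -v src="$1" '
        $1 == "ip" && $2 == "rule" && $5 == src { print $7; f = 1; exit }
        END { if (!f) print "main" }'
}

# Applications then choose a network by binding the source address, e.g.
#   curl --interface $ETH_IP  http://$ROUTER/   -> wired router via eth0
#   curl --interface $WLAN_IP http://$ROUTER/   -> wireless router via wlan0
```

rp_filter is relaxed and arp_filter enabled because, with both interfaces on 192.168.0.0/24, the kernel would otherwise answer ARP for either address on either link, which is the "locally attached" problem Lamar warns about.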
On Thu, Nov 11, 2010 at 00:08, Lamar Owen lowen@pari.edu wrote:
Thank you Lamar, I have spent some time googling and learning the concepts that you mention. I'm not much closer to a solution to this issue, but I have a much better understanding of IP networks. The routing tables and netmask concepts were big holes in my knowledge, and I'm the better for having invested in this query now that I've cleared some things up.
Thanks.
On Sunday, November 14, 2010 08:28:40 am Dotan Cohen wrote:
You're more than welcome. I've found your port knocking document useful as well; community is about sharing knowledge. And given my own (quite basic) study of Hebrew, I find much more interesting on your site.
On Nov 6, 2010, at 9:04 AM, Dotan Cohen dotancohen@gmail.com wrote:
On a CentOS 5.5 laptop (Dell Inspiron, dual boot with a Debian-based distro) I have a cable plugged into eth0 which is on a LAN with no internet connection. Additionally, I connect wirelessly on wlan0 to the internet. Both connections have router on the 192.168.0.1 address.
Although I need to stay connected to the wireless router, can I still access the address 192.168.0.1 on the wired interface?
Only if you change the IP of one of those routers, then set the default route to the Internet router and set a route for 192.168.0.0 to the internal router.
All requests for 192.168.0.0 that can't be ARP'd will be routed to the internal router.
-Ross