[CentOS] Addressing outgoing connections to a specific interface

Bob McConnell rmcconne at lightlink.com
Sat Nov 6 21:19:52 UTC 2010


Lamar Owen wrote:
> On Nov 6, 2010, at 4:05 PM, Dotan Cohen wrote:
> 
>> On Sat, Nov 6, 2010 at 20:51, Lamar Owen <lowen at pari.edu> wrote:
>>> But at the end you would access 192.168.1.1 and it would get
>>> translated to 192.168.0.1 at the eth0 point and wouldn't interfere
>>> with the wlan0 version of the 192.168.0.1 address.  I'm not exactly
>>> 100% sure it can be done without an external NAT box, but a small
>>> external router that can do NAT would make it much easier.
>>>
>> That is not what I am trying to do, I will try to rephrase:
>> I have a laptop connected to two network interfaces: eth0 and wlan0.
>> Each interface connects to a different LAN. Both LANs have machines on
>> the 192.168.0.1 address that I must access via port 80 in a web
>> browser.
>>
>> I don't need to access each one at the same time, but I do need to
>> leave both interfaces up for other software running on this machine.
>> CentOS 5.5, Dell Inspiron laptop.
> 
> Right, I understood that.  If you did a NAT you would access the WLAN  
> one with its native 192.168.0.1, and the other one on eth0 with the  
> translated (also RFC 1918) address, whatever you might have set that  
> to.  Now, I do realize that some routers will re-inject their IP  
> address into URLs, and that might break things; fixable using DNS, but  
> that's neither here nor there.
> 
> And your machine itself needs access to both routers at the same time,  
> whether you do or not, as you've described things, since one of those  
> routers is the default gateway for the machine.
> 
>> I suppose that I need either:
>>
>> 1) An address system such as eth0:192.168.0.1 and wlan0:192.168.0.1
>> (syntax invented to illustrate idea, it doesn't really work!)
>>
>> -or-
>>
>> 2) A way to do something like this as a user without affecting other  
>> users:
>> $ export INTERFACE=eth0
>> $ lynx 192.168.0.1
>> $ export INTERFACE=wlan0
>> $ lynx 192.168.0.1
> 
> 2.5) The iptables -mowner --uid-owner rule might help you. (see http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html#OWNERMATCH)
> 
> It has breakage as noted in the tutorial, however.
> 
> Packet routing isn't designed to switch between multiple devices with  
> the same address; the interface used isn't supposed to matter, in the  
> eyes of the routing table (and in normal IP practice).  Addresses are  
> supposed to be unique, from the point of view of any given IP host, in  
> other words.  This is the problem NAT was invented to solve.  Some  
> routing protocols deal with this in ways, but, again, these protocols  
> assume that if the address is the same, it's going to the same host.   
> But you already knew all that.....and I know you already knew all that.
> 

To amplify this just a little bit, by the rules of IP routing, every 
machine must:

A) Have a unique address.
B) Be attached to the proper subnet for that address as defined by the 
local netmask.

Once those are true, there exists a unique route between any two 
machines connected to the network, or the Internet.

Having said that, part of the 192.168 address block is unique in that it 
cannot be routed over the Internet. It doesn't exist anywhere as far as 
those routers are concerned. However, there is a way to map that block 
of local addresses to routable addresses, called Network Address 
Translation (NAT). All you need is one router between the private block 
and the Internet that you can use to do that mapping. Most firewalls can 
handle that in their sleep.

So what you need is a way to insert a router between your software and 
one of your devices with the duplicated address. That router would then 
translate the addresses in one of those subnets into a unique address 
that won't conflict with the other. Personally, I would probably use a 
VM with FreeBSD and/or m0n0wall.

But I still wonder if you are unique in finding this address collision, 
or do others also have the same problem? If it is widespread, then it 
should be solved by the people managing those devices.

Bob McConnell
N2SPP
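An added example, not part of the thread and not anything from CentOS itself: a shell script that does the translation Lamar and Bob describe on the laptop itself, with no external router or VM, using a netfilter DNAT rule in the OUTPUT chain plus an fwmark-selected routing table. The user types an unused private alias (192.168.1.1 here) and the kernel rewrites it to 192.168.0.1 and forces it out eth0, while a plain 192.168.0.1 keeps going wherever the main table sends it. The interface names, the alias address, the mark value and the table number are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): reach the 192.168.0.1 that sits behind
# eth0 through a private alias address, translated on the laptop itself with
# netfilter DNAT and a fwmark-driven routing table.
# Assumptions: interfaces eth0/wlan0, alias 192.168.1.1 is unused on both LANs,
# mark 0x1 and table 100 are free. Run as root with DRY_RUN=0 to apply;
# DRY_RUN=1 (the default) only prints the commands it would run.

DRY_RUN=${DRY_RUN:-1}

# Print the command in a dry run, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# alias_route IFACE ALIAS REAL MARK TABLE
#   IFACE : interface that leads to the LAN with the colliding address
#   ALIAS : unused private address the user types instead (e.g. 192.168.1.1)
#   REAL  : the address that actually exists on that LAN (192.168.0.1)
#   MARK  : fwmark, must be unique per alias
#   TABLE : policy routing table number, must be unique per alias
alias_route() {
    iface=$1 alias=$2 real=$3 mark=$4 table=$5

    # 1. A host route for the alias so connect() succeeds and the kernel
    #    picks IFACE's own address as source; without it the alias is
    #    "network unreachable" before netfilter ever sees the packet.
    run ip route add "$alias/32" dev "$iface"

    # 2. Mark packets for the alias before NAT (mangle OUTPUT runs before
    #    nat OUTPUT), so the mark survives the destination rewrite.
    run iptables -t mangle -A OUTPUT -d "$alias" -j MARK --set-mark "$mark"

    # 3. Rewrite the destination to the real address. After DNAT in OUTPUT
    #    the kernel repeats the routing lookup, and that lookup honours the
    #    fwmark; conntrack reverses the translation on the replies.
    run iptables -t nat -A OUTPUT -d "$alias" -j DNAT --to-destination "$real"

    # 4. The marked lookup lands in a table that pins REAL to IFACE, no
    #    matter which interface the main table prefers for 192.168.0.0/24.
    run ip rule add fwmark "$mark" table "$table"
    run ip route add "$real/32" dev "$iface" table "$table"

    # 5. Replies arrive on IFACE from REAL; with strict rp_filter the main
    #    table may say REAL lives on the other interface and drop them.
    run sysctl -w "net.ipv4.conf.$iface.rp_filter=0"
}

# Number of commands a call emits; handy for checking a dry run.
count_commands() {
    DRY_RUN=1 alias_route "$@" | wc -l | tr -d ' '
}

# http://192.168.1.1/ now reaches the 192.168.0.1 behind eth0, while
# http://192.168.0.1/ still goes wherever the main routing table sends it.
alias_route eth0 192.168.1.1 192.168.0.1 0x1 100
```

Run it with DRY_RUN=1 first and read the six commands it prints; if you want the wlan0 side aliased as well, call alias_route again with a different alias, mark and table. The -m owner --uid-owner match Lamar mentions could replace the -d match in step 2 to pick the interface per user instead, but then the destination stays 192.168.0.1 on both LANs, the source address was already chosen from the main table, and you would also need SNAT on the chosen interface; the frozentux caveat (owner match only sees packets that belong to a local socket) applies too. Either way, the web UI may embed its own 192.168.0.1 in links, which is the breakage Lamar notes.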