# Routing problem

## z40000

I have one PC with two network interfaces connected to two different networks which both use the same range of IP addresses:

eth0 192.168.5.0/24

eth1 192.168.5.0/24

I can't change the IP configuration of any computer in those networks but I still need to be able to connect to any computer accessible over the two interfaces.

Now if for example a program wants to connect to 192.168.5.3 the kernel doesn't know if it wants to talk to 192.168.5.3 on eth0 or to 192.168.5.3 on eth1 which is a different computer.

Is there some easy way to remap one of the networks to a different IP range internally?

So that I can configure the interfaces in this way:

eth0 192.168.5.0/24

eth1 50.0.0.0/24

but every time I ping for example 50.0.0.3 the packet which leaves the computer on eth1 is destined to 192.168.5.3 instead of 50.0.0.3?

Or maybe any other solution?

----------

## papahuhn

Destination NAT won't work per se, as the kernel needs to make routing decisions afterwards anyway. However, you can use policy routing combined with packet mangling by means of owner gid. That's what I do when I want some application to use my VPN instead of my regular default route. The steps for you should be similar to the following:

1) Keep your main routing table "subnet-unique". Use 192.168.5.0/24 dev eth0, remove this route on eth1.

2) Add the same subnet on dev eth1 on a separate routing table: ip route add 192.168.5.0/24 dev eth1 table 1337.

3) Mark packets which are emitted by processes with GID 666: iptables -t mangle -A OUTPUT -m owner --gid-owner 666 -j MARK --set-xmark 666.

4) Add a rule which states that 666-marked packets need to consult routing table 1337 instead of main: ip rule add fwmark 666 table 1337.

5) Enhance your sudo permissions. You need to be able to change GID, e.g. "%wheel ALL=(ALL:ALL) ALL" instead of "%wheel ALL=(ALL) ALL". Use another group or user if you like.

6) Use "ping 192.168.5.123" to go via eth0. Use "sudo -g '#666' ping 192.168.5.123" to go via eth1.
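Steps 1 to 4 above collected into one script, as an added example that is not part of papahuhn's post. It prints the commands by default and only executes them (as root) when `APPLY=1` is set; the `verify` and `teardown` functions and the probe address 192.168.5.3 (taken from the question) are additions.

```bash
#!/usr/bin/env bash
# Added example: policy routing by owner GID, following the steps in the post.
set -u
DEV_MAIN=eth0; DEV_ALT=eth1; NET=192.168.5.0/24   # values from the thread
TABLE=1337; MARK=666; GID=666                      # values from the thread

# Print each command; execute it only when APPLY=1 (requires root).
run() { echo "$*"; if [ "${APPLY:-0}" = 1 ]; then "$@"; fi; }

setup() {
    # 1) main table keeps the subnet on eth0 only
    run ip route del "$NET" dev "$DEV_ALT"
    # 2) the same subnet via eth1 lives in a separate table
    run ip route add "$NET" dev "$DEV_ALT" table "$TABLE"
    # 3) mark packets emitted by processes running with the chosen GID
    run iptables -t mangle -A OUTPUT -m owner --gid-owner "$GID" -j MARK --set-xmark "$MARK"
    # 4) marked packets consult the separate table instead of main
    run ip rule add fwmark "$MARK" table "$TABLE"
}

verify() {
    # Ask the kernel which route it would pick, without sending traffic.
    run ip route get 192.168.5.3                # should name dev eth0
    run ip route get 192.168.5.3 mark "$MARK"   # should name dev eth1
}

teardown() {
    run ip rule del fwmark "$MARK" table "$TABLE"
    run iptables -t mangle -D OUTPUT -m owner --gid-owner "$GID" -j MARK --set-xmark "$MARK"
    run ip route flush table "$TABLE"
    run ip route add "$NET" dev "$DEV_ALT"      # back to the original, ambiguous state
}

case "${1:-up}" in
    up)   setup; verify ;;
    down) teardown ;;
    *)    echo "usage: $0 [up|down]" >&2 ;;
esac
```

The mark is applied after the socket has already chosen a source address from the main table, so if eth1's address differs from eth0's, check the source address of marked traffic with tcpdump on eth1. An SNAT/MASQUERADE rule on eth1 and a loose rp_filter setting are the usual additions in that case; neither is part of the post.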

----------

## _______0

 *papahuhn wrote:*   

> Destination NAT won't work per se, as the kernel needs to make routing decisions afterwards anyway. However, you can use policy routing combined with packet mangling by means of owner gid. That's what I do when I want some application to use my VPN instead of my regular default route. The steps for you should be similar to the following:
> 
> 1) Keep your main routing table "subnet-unique". Use 192.168.5.0/24 dev eth0, remove this route on eth1.
> 
> 2) Add the same subnet on dev eth1 on a separate routing table: ip route add 192.168.5.0/24 dev eth1 table 1337.
> ...

 

massive overkill.

setting default route should be enough.

----------

## Hu

 *_______0 wrote:*   

> massive overkill.
> 
> setting default route should be enough.

 The OP specifically stated that his network layout is totally wrong and will not be fixed.  Using a single default route only works if a given IP address is actually unique within the range of systems visible to the host.  The OP stated that his network does not satisfy this constraint.  I agree that papahuhn's suggestion is rather complex, but since he is compensating for a broken network design, simplicity may be unachievable.  If you believe a simpler solution exists, please post the specific commands required to reach a working state.

A solution based on using network namespaces and moving one of the NICs into that namespace would also work, but has its own complexities.
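The namespace approach mentioned above, sketched as an added example that is not part of Hu's post. The namespace name `lan1` is hypothetical and `192.168.5.200/24` is a constructed placeholder for this PC's address on the eth1 network; commands are printed by default and only executed (as root) when `APPLY=1` is set.

```bash
#!/usr/bin/env bash
# Added example: isolate eth1 in its own network namespace so that
# 192.168.5.0/24 exists once per namespace and is never ambiguous.
set -u
NS=lan1                      # hypothetical namespace name
DEV=eth1                     # interface from the thread
HOST_ADDR=192.168.5.200/24   # constructed placeholder address

# Print each command; execute it only when APPLY=1 (requires root).
run() { echo "$*"; if [ "${APPLY:-0}" = 1 ]; then "$@"; fi; }
in_ns() { run ip netns exec "$NS" "$@"; }

setup() {
    run ip netns add "$NS"
    # Moving the NIC flushes its addresses, so it is configured again inside.
    run ip link set "$DEV" netns "$NS"
    in_ns ip link set lo up
    in_ns ip addr add "$HOST_ADDR" dev "$DEV"
    in_ns ip link set "$DEV" up
}

# Run any program against the eth1 network, e.g.: reach ping -c 1 192.168.5.3
reach() { in_ns "$@"; }

# Deleting the namespace hands a physical NIC back to the initial namespace.
teardown() { run ip netns del "$NS"; }

case "${1:-up}" in
    up)   setup ;;
    down) teardown ;;
    *)    echo "usage: $0 [up|down]" >&2 ;;
esac
```

Programs started outside the namespace only ever see eth0, and programs started through `reach` only ever see eth1.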

----------

## _______0

 *Hu wrote:*   

> > setting default route should be enough.
> 
> The OP specifically stated that his network layout is totally wrong and will not be fixed.  Using a single default route only works if a given IP address is actually unique within the range of systems visible to the host.  The OP stated that his network does not satisfy this constraint.  I agree that papahuhn's suggestion is rather complex, but since he is compensating for a broken network design, simplicity may be unachievable.  If you believe a simpler solution exists, please post the specific commands required to reach a working state.
> 
> A solution based on using network namespaces and moving one of the NICs into that namespace would also work, but has its own complexities.

Depending on the workflow, many programs can specify IP and interface with options. I don't know the nature of OP's workflow.

The steps involve looking at programs' man pages and searching for IP and interface switches.

And I don't buy that a network will give the same IP to two interfaces.

This is impossible and contradicting:

 *Quote:*   

> Now if for example a program wants to connect to 192.168.5.3 the kernel doesn't know if it wants to talk to 192.168.5.3 on eth0 or to 192.168.5.3 on eth1 which is a different computer.

 

I am not aware that networking is designed this way. The only way for this to show up in "route -an" would be to manually do it.

Moreover, the statement,

 *Quote:*   

> but every time I ping for example 50.0.0.3 the packet which leaves the computer on eth1 is destined to 192.168.5.3 instead of 50.0.0.3?

 

implies a default route set.

Without more details, route tables and other things, it is difficult to give specific commands.

----------

## Hu

 *_______0 wrote:*   

> Depending on the workflow, many programs can specify IP and interface with options. I don't know the nature of OP's workflow.
> 
> The steps involve looking at programs' man pages and searching for IP and interface switches.

 True, but we have no reason to believe the OP is using programs designed to deal with this scenario.  It is likely that the OP wants a solution that minimizes special handling in the individual programs, so that he can use ping, ssh, Firefox/Chrome, etc. without specifying special options at every step.

 *_______0 wrote:*   

> And I don't buy that a network will give the same IP to two interfaces.
> 
> This is impossible and contradicting:
> 
>  *Quote:*   Now if for example a program wants to connect to 192.168.5.3 the kernel doesn't know if it wants to talk to 192.168.5.3 on eth0 or to 192.168.5.3 on eth1 which is a different computer. 
> ...

 That is not what he said.  He said that two different networks were created and given the same IP addresses.  If these two networks do not connect to one another, this is possible, and indeed common.  How many of the readers of this forum use 192.168.0.N for their internal LAN?  None of them interfere with each other, because none have routes to one another.  The OP is now in the unusual situation of trying to connect a machine to two such networks simultaneously.

----------

