How to forward packets between VLANs on Open vSwitch router?

I'm trying to configure an OVS router. I want to add flows on the OVS router so that the devices connected to the switch ports (ports 2-5) can access the internet when the internet cable is plugged into the WAN port (port 1).
My VLAN configuration in file /etc/config/network of the OVS router is:
eth1.1: 0t, 2
eth1.2: 0t, 3
eth1.3: 0t, 4
eth1.4: 0t, 5
eth1.5: 1, 6
The output of ovs-vsctl show is:
root@OpenWrt:~# ovs-vsctl show
84d9ab2f-a3e6-46e3-874f-156ef975d673
    Bridge "br0"
        Controller "tcp:<an IP address>"
            is_connected: true
        fail_mode: standalone
        Port "eth1.4"
            Interface "eth1.4"
        Port "eth1.2"
            Interface "eth1.2"
        Port "eth1.1"
            Interface "eth1.1"
        Port "br0"
            Interface "br0"
                type: internal
        Port "eth1.3"
            Interface "eth1.3"
The truncated output of ifconfig is:
br0: 192.168.3.1
eth0: 192.168.0.105 (There is another home router)
eth1, eth1.1-1.4
As the subnet provides IP prefix of 192.168.3.* and the router itself is assigned IP of 192.168.0., I wonder if it's helpful to add a flow to forward packets from 192.168.3. to 192.168.0.104.
So is it correct to suppose that if a machine with IP 192.168.3.10, for example, wants to make a query to Google, the path should be 192.168.3.10->192.168.0.105->192.168.0.1 (home router)->outside?
This is to build a flow based on Layer 3. But I'm wondering if I can build flows between VLANs? According to my configuration, the WAN port is port 1 and belongs to VLAN 5. Do you think it is viable to add flows bidirectionally from VLAN 1 (machine connected) to VLAN 5 and from VLAN 5 to VLAN 1? If so, are there any examples I can follow, please?
Another detail: the output of ifconfig shows the eth0 interface was assigned IP 192.168.0.105, which means it's connected to my home router (192.168.0.1). So do I need to forward packets between these two IP addresses?
I really appreciate any help.

The following commands add two rules to send packets from VLAN 5 and port 5 to port 1 with VLAN 1, and vice versa:
ovs-ofctl add-flow br0 in_port=5,dl_vlan=5,actions=mod_vlan_vid:1,output:1
ovs-ofctl add-flow br0 in_port=1,dl_vlan=1,actions=mod_vlan_vid:5,output:5

I have solved this problem. Following is the solution.
The main idea is to build a Linux bridge connected to the OVS bridge when I need the VLANs to be able to talk to the outside internet. I can use brctl to operate the Linux bridge. First I tried:
brctl addbr br-lan
brctl addif br-lan br0
Then all the machines could access the internet, but unfortunately only for a couple of minutes. After that, the router collapsed. I could not access the OVS router anymore unless I reset it. That could be caused by an incorrect bridge configuration. I tried many ways and finally this one works:
brctl addbr br-lan
ifconfig br-lan 192.168.3.1
brctl addif br-lan br0
ifconfig br0 0.0.0.0
I considered that the Linux bridge br-lan should originally be connected to eth0 (WAN). And as far as I know, br0 could mean 'local', with IP address 192.168.3.1. All VLANs talk to this IP address. If I move 'local' to the Linux bridge which is connected to the WAN port, it should work.
Thanks to everybody who viewed and tried to help me!

Related

Create GRE OpenvSwitch network over SSH tunnel

I am in need of creating an overlay network to connect the VMs of two KVM hosts with each other.
The tutorial at OpenvSwitch explains it pretty well [1], but I do have one restriction. Host A can only reach host B via SSH on Port 22. All other outgoing connections and ports are blocked.
I have established an SSH tunnel with port forwarding between the two hosts and would need to send the OpenvSwitch traffic over that SSH tunnel. The problem is, the command for creating the SSH tunnel requires me to specify the IP of the tunnel endpoint:
ovs-vsctl add-port br0 gre0 -- set interface gre0 type=gre options:remote_ip=<IP of eth0 on host2>
Since I am using port forwarding I would need to insert "localhost" here and specify the forwarded port. This option, however, does not exist.
How can I create an overlay network between two hosts that are only connected via an SSH tunnel?
I tried to create tap interfaces with socat on both sides from [2] and added these tap interfaces to the OpenvSwitch bridge br0 that I created. Maybe this would eliminate the need for the GRE tunnel, if traffic is routed via the socat tunnels instead?
Thanks,
Nils
[1] https://docs.openvswitch.org/en/latest/howto/tunneling/
[2] https://gist.github.com/cfra/752d6e761225fd5bf783b44abe30f707

Static IP Address of eth0 is not showing on my Raspberry Pi

I am using a Raspberry Pi 3 B with Raspbian Buster. I connected it with Wifi and it is working without any issues. I would like to enable the interface eth0 in order to use my Raspbi with Profinet (an industrial protocol).
So, I modified the file /etc/dhcpcd.conf/:
/etc/dhcpcd.conf/.
But the output of "ifconfig" is:
eth0
And the output of "route -v" is:
route
I would like the IP address of the interface "eth0" to be static, to appear, and to be pingable. I tried a lot of things from other forums like this one, such as modifying the file /etc/network/interfaces, but this didn't work. I also set the eth0 interface up with "sudo ifconfig eth0 [ipadress] netmask 255.255.255.0 up". My wifi crashed after this... Can someone please help me? I've been stuck with this for a couple of weeks already. Thanks a lot. If you have any questions I can provide some screenshots.
Cheers
The file /etc/dhcpcd.conf has been used since Raspbian Stretch instead of /etc/network/interfaces.
Using your editor of choice, edit /etc/dhcpcd.conf, scroll down to the example configuration, like the one below from my Pi3B+, uncomment the lines and configure the parameters as per your needs.
# Example static IP configuration:
#interface eth0
#static ip_address=192.168.0.10/24
#static ip6_address=xxxx:xxxx:xxxx:xxxx::ff/64
#static routers=192.168.0.1
#static domain_name_servers=192.168.0.1 8.8.8.8 xxxx:xxxx:xxxx:xxxx::1
Update /etc/dhcpcd.conf:
interface eth0
static ip_address=192.168.0.10/24
Restart the DHCP service:
sudo service dhcpcd restart
And do not forget to declare a DHCP lease on your router if you do not want it to allocate this IP to another device; that will avoid instability.
Also calling ethtool eth0 gives as output:
Settings for eth0:
    Supported ports: [ TP MII ]
    Supported link modes:   10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
    Supported pause frame use: Symmetric Receive-only
    Supports auto-negotiation: Yes
    Supported FEC modes: Not reported
    Advertised link modes:  10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
    Advertised pause frame use: No
    Advertised auto-negotiation: Yes
    Advertised FEC modes: Not reported
    Speed: Unknown!
    Duplex: Unknown! (255)
    Port: MII
    PHYAD: 1
    Transceiver: internal
    Auto-negotiation: on
Cannot get wake-on-lan settings: Operation not permitted
    Current message level: 0x00000007 (7)
                           drv probe link
    Link detected: no
Here are some more details about my problem. I will be very grateful for help.

Localhost server in loopback does not answer incoming SYN

I have a TCP server which runs in localhost (127.0.0.1), I am trying to connect to the server by injecting SYN packets to the loopback interface, but the server doesn't answer them. These packets have the source IP of the Ethernet interface of my internet adapter (and not localhost IP).
I watch the SYN packet that goes to my loopback server in Wireshark, but the server does not answer it with a SYN/ACK. I think it is because the IP source is not 127.0.0.1, which for example is 192.168.1.24.
If I go to the browser and I connect to my localhost server it works fine, but the source IP that I am using is 127.0.0.1 and the destination IP is 127.0.0.1 too; the only difference between the packets is the source IP.
I want to establish a TCP connection with my loopback server (localhost) by using different IP source addresses than 127.0.0.1. Is that possible?
For example, a Loopback TCP SYN packet which comes from 192.168.1.24 to 127.0.0.1 should be answered by the loopbackserver?
Thanks and regards!
You can send packets to localhost via the Npcap Loopback Adapter and get a response from the counterpart (e.g. a process on the same machine). An example is Nmap: Nmap uses the Npcap Loopback Adapter to scan the ports of localhost. The command is: nmap -v -A 127.0.0.1. Nmap is open-sourced here, so you can see its code for the implementation. If you think Nmap is too complicated, you can see the source code of Nping here, a ping tool shipped with Nmap. Nping also uses the Npcap Loopback Adapter when pinging localhost, which works differently from the original ping shipped with Windows.
Using IP of one of local adapters or using 127.0.0.1 should be the same. You can run Nmap to test it. Whatever, using 127.0.0.1 is the best and recommended by Npcap when talking to localhost.
So I think the issue still relates to your own implementation.
Does the server bind() using INADDR_LOOPBACK? If so, you could try changing it to INADDR_ANY to see if that helps. See also man 7 ip.
(These links are obviously Linux-specific; if your platform is something else, then refer to the documentation applicable to your system. For example, if you're on Windows, then maybe refer to https://msdn.microsoft.com/en-us/library/windows/desktop/ms737550(v=vs.85).aspx.)
I solved the problem, thank you very much for your answers.
The problem was a bit stupid: I was trying to establish a TCP connection with the loopback server (localhost) with source IP addresses that were not in the range of the loopback (loopback gateway: 127.0.0.1, loopback netmask: 255.255.0.0). It can't accept packets from source IP addresses that are not in the range 127.0.X.X. If I do NAT and translate the packet from, for example, 192.168.1.154 to 127.0.1.154, the packet is received by the server and I can establish the server connection. I do not know how I did not realize it before.
Thank you for the time, regards!
I also think that maybe it is better to bind the server to another virtual network adapter and not to the loopback. I am studying this: https://github.com/Microsoft/Windows-driver-samples/tree/master/network/ndis/netvmini/6x
It would be fine to create a miniport driver and bind the server there, we would have the advantage of having our own gateway and netmask and the layer would be ethernet and not BSD loopback. Your opinions will be interesting for me.
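Added example, not part of the original thread: a small Python check of what the bind() suggestion above changes and of the finding that an in-range loopback source is accepted. It assumes Linux, where every address in 127.0.0.0/8 is local; the function names and the addresses 127.0.0.2 and 127.0.1.154 are chosen for illustration.

```python
import socket

def listener(bind_addr):
    """Listening TCP socket on an ephemeral port, bound to bind_addr."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((bind_addr, 0))
    s.listen(1)
    s.settimeout(2)
    return s

def probe(server, dst_ip, src_ip=None):
    """Connect to the server's port at dst_ip, optionally from src_ip.
    Returns the source address the server saw, or None if the connect failed."""
    port = server.getsockname()[1]
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(2)
    try:
        if src_ip:
            client.bind((src_ip, 0))   # choose the source address explicitly
        client.connect((dst_ip, port))
        conn, peer = server.accept()
        conn.close()
        return peer[0]
    except OSError:                    # refused, unreachable or timed out
        return None
    finally:
        client.close()

def run_demo():
    lo = listener("127.0.0.1")   # what bind() with INADDR_LOOPBACK gives
    wide = listener("0.0.0.0")   # what bind() with INADDR_ANY gives
    try:
        return {
            "loopback bind, dst 127.0.0.1": probe(lo, "127.0.0.1"),
            "loopback bind, dst 127.0.0.2": probe(lo, "127.0.0.2"),
            "any bind, dst 127.0.0.2": probe(wide, "127.0.0.2"),
            "loopback bind, src 127.0.1.154": probe(lo, "127.0.0.1", "127.0.1.154"),
        }
    finally:
        lo.close()
        wide.close()

if __name__ == "__main__":
    for case, seen in run_demo().items():
        print(f"{case:32} -> {seen or 'connection failed'}")
```

A listener bound to INADDR_ANY also accepts connections on the machine's LAN-facing addresses, so a service meant only for local use becomes reachable from the network unless a firewall filters it.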

Raspberry refuses to change IP

I am running Raspbian on a Raspberry Pi 2 and I have configured it to have a static IP on eth0, but it never changes; it sticks to its DHCP lease. This is what I have in the interfaces file under networking.
iface eth0 inet static
address 192.168.1.60
gateway 192.168.1.1
netmask 255.255.255.0
Have I done anything wrong? Am I blind? :)
Did you try restarting network?
/etc/init.d/networking restart
Not an answer to your question, but a workaround.
Add a static IP lease rule in your DHCP server, this is going to be your router in most cases.
Try restarting the RPi or network - the edited interfaces file doesn't take effect until you do that. Some routers also don't like you requesting a certain IP, so you can also set it to DHCP on the RPi and configure the router so that it always assigns a certain IP to the device.

TCP client using a specific interface while connecting to a webserver

I am trying to connect over Linux. My device is connected to two LANs (say eth0 and eth1) with different networks.
Both networks are connected to internet. I want my client program to be able to use eth1 even though my eth0 is the default interface.
There is an option, setsockopt (SO_BINDTODEVICE), to bind to a specific interface, but it requires root privileges, which is not possible.
Binding to the IP address of eth1 is not helping either. Please suggest whether there is any other way through the socket APIs to link the connection with the interface, i.e. my client program will always use the eth1 source IP and interface to connect to the internet, whereas all other programs will continue to use eth0 as usual.
I investigated, and it appears changes to the routing table can help with this, but I am trying to avoid the risk of making the system unstable, as that is applied to every other program too.
Thanks in advance.
Kris