Basically trying to bend bridging and NATing to my will with quite a unique project.
I've simplified what I'm doing below (VM=Kali virtual machine for testing):
ZoneX's are network namespaces; vexxx's are virtual links created with ip link.
The premise is to create a gateway for the LAN which can divert traffic (based on what it is) to either ZoneX or ZoneY, modify the traffic, and forward it to ZoneZ and finally out to the real network's gateway.
I've tried quite a few different things; however, the main problem is either from creating a layer 2 storm... not nice in VMs... or the NAT net namespace (ZoneZ) forwards the return traffic via the first interface in the NAT table for the client VM (which is sometimes incorrect).
The main aim is to split the traffic to multiple zones but have the return traffic take the same route back; that's the clincher! The next stage is then to be able to chain multiple zones together to modify the traffic in multiple ways.