Respond on loopback address

glousteau
Posts: 7
Joined: 2018/08/21 11:14:01

Respond on loopback address

Post by glousteau » 2024/05/06 20:01:02

I have CentOS 8 running on a laptop, a test laptop more than anything.

I'm trying to simulate a router loopback address.

The laptop is configured with 192.168.110.10/24 on the physical NIC.
I've built a dummy interface (maybe this isn't correct?) of 172.16.1.10/32.
From this laptop, it responds to pings and HTTP on both the physical NIC and the dummy address.

On my router for the 192.168.110.0/24 network, I have a static route pointing 172.16.1.10/32 to 192.168.110.10 so that other hosts on the /24 should be able to reach the loopback/dummy address; however, other hosts cannot ping or HTTP to the 172.16.1.10/32 address. The 192.168.110.10 address responds to HTTP and pings as expected.

When I look at firewall-cmd --get-active-zones I see both my physical and loopback/dummy interfaces listed in the public zone.

Do I need to configure additional routing to get this working?

thanks

BShT
Posts: 586
Joined: 2019/10/09 12:31:40

Re: Respond on loopback address

Post by BShT » 2024/05/08 14:30:52

You need to configure NAT for the new network on your server and configure a route to that network on the clients.

jlehtone
Posts: 4540
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Respond on loopback address

Post by jlehtone » 2024/05/08 18:59:21

Let's follow a packet.
Client X in 192.168.110.0/24 (192.168.110.x) creates a packet destined to 172.16.1.10.
The 172.16.1.10 is not within 192.168.110.0/24, so it is sent to router Y (192.168.110.y).
The router Y knows to forward the packet to the next router C, the 192.168.110.10.

The C sees that the packet is for "localhost", and a local process takes it and creates a reply:
SRC=172.16.1.10 DST=192.168.110.x

At this point one could ask whether it is OK to send a packet with SRC=172.16.1.10 from
an interface that should use address 192.168.110.10? Or, should the reply have SRC=192.168.110.10?
IIRC, there is some kernel option to allow/deny such things. Might default to deny.
If so, that is the show-stopper.

That aside, the packet is destined to link-local subnet 192.168.110.0/24, so toss it out from interface
(if not denied).

Client X receives a reply with correct DST=192.168.110.x. It probably does not care that the reply does
not arrive from 192.168.110.y (where the original packet was sent to).

---

IMHO, the router should offer DHCP for all members of 192.168.110.0/24, and as one option pass the
route to 172.16.1.0/24 via 192.168.110.10, so none has to send via the router.
(Why use 172.16.1.10/32, when you can surely afford 172.16.1.10/24 or more?)
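
The packet walk from the post above, as an added example that is not part of any poster's reply: a small longest-prefix-match model of the three hosts that shows the request and reply taking different paths, and the path once the client holds its own route via 192.168.110.10. The client address .50 and router address .1 are constructed (the thread only gives x and y), and each routing table is assumed to contain only what the thread describes.

```python
import copy
import ipaddress

CLIENT_X, ROUTER_Y = "192.168.110.50", "192.168.110.1"  # constructed: thread says only x, y
SERVER_C, DUMMY = "192.168.110.10", "172.16.1.10"       # from the thread

# Per-host routes as (prefix, next hop); None means the prefix is on-link.
TABLES = {
    CLIENT_X: [("192.168.110.0/24", None), ("0.0.0.0/0", ROUTER_Y)],
    ROUTER_Y: [("192.168.110.0/24", None), ("172.16.1.10/32", SERVER_C)],
    SERVER_C: [("192.168.110.0/24", None)],
}
# Addresses each host answers for; C owns both the NIC and the dummy address.
OWNED = {CLIENT_X: {CLIENT_X}, ROUTER_Y: {ROUTER_Y}, SERVER_C: {SERVER_C, DUMMY}}

def next_hop(tables, host, dst):
    """Longest-prefix match: return the neighbour the host hands the packet to."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in tables[host]
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    _, nh = max(hits, key=lambda h: h[0].prefixlen)
    return dst if nh is None else nh   # on-link: deliver straight to dst

def walk(tables, src_host, dst):
    """List the hosts a packet visits until one of them owns dst."""
    path, host = [src_host], src_host
    while dst not in OWNED[host]:
        host = next_hop(tables, host, dst)
        if host is None or host in path or host not in tables:
            raise ValueError(f"no usable path to {dst} after {path}")
        path.append(host)
    return path

def round_trip(tables, client, dst):
    """Return (request path, reply path, True if the two paths differ)."""
    fwd = walk(tables, client, dst)
    rev = walk(tables, fwd[-1], client)
    return fwd, rev, fwd[::-1] != rev

def with_client_route(tables, client, prefix, via):
    """Copy of tables with one extra route on the client (the DHCP-option idea)."""
    new = copy.deepcopy(tables)
    new[client].append((prefix, via))
    return new

if __name__ == "__main__":
    print(round_trip(TABLES, CLIENT_X, DUMMY))
    direct = with_client_route(TABLES, CLIENT_X, "172.16.1.0/24", SERVER_C)
    print(round_trip(direct, CLIENT_X, DUMMY))
```

With only the router's static route the request goes X, Y, C while the reply goes C, X; with the extra client route both directions are a single hop.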

glousteau
Posts: 7
Joined: 2018/08/21 11:14:01

Re: Respond on loopback address

Post by glousteau » 2024/05/14 14:54:10

Might you be able to point me to a "how-to" for configuring NAT for the new network (the "loopback") on my server? I've got the routing part worked out.
