[CoLoCo] Multiple Network Interfaces, one card?

Jim Hutchinson jim at ubuntu-rocks.org
Wed Sep 5 15:33:08 BST 2007


I don't know how much this will help and I'm not even sure I understand the
question, but I have been doing something similar (I think).

I have firefox running over an ssh proxy so that all that traffic is
encrypted to a point. Obviously once it exits the proxy it's not but it's
encrypted where I need it to be encrypted. To go beyond that level of
encryption I guess you would need tor or similar but that is really slow in
my experience and it's still unencrypted at the last server anyway. For my
unencrypted traffic I just use a different browser - in this case opera -
and don't proxy.

I would think you could set up a proxy for one app and traffic and use a
different, un-proxied app for the rest. Obviously you need access to a proxy
server but that is pretty much the case whatever you do. This method allows
you to just use the one NIC and not have to try and packet filter or
whatever. You could of course just use tor on firefox and not use tor with
opera (or vice versa) but tor is just not very satisfying to use.

Hope that gives you some ideas.
Jim

On 9/5/07, Neal McBurnett <neal at bcn.boulder.co.us> wrote:
>
> On Tue, Sep 04, 2007 at 11:11:50PM -0600, NICK VERBECK wrote:
> > Ok I've been doing some investigating into how to do the whole this
> > packet goes through this interface and this one goes through a
> > different packet. From what it's looking like, you're going to have a lot of
> > fun. You will pretty much need to have an intermediary that takes
> > packets from FireFox for example. Inspects the packets to see what
> > type they are to figure out what interface they need to go through.
> > That intermediary then needs to talk to the Operating System's
> > Networking stack and tell it that this packet should go through its
> > selected device.
>
> I think it would be a lot easier than that for the web.  Though again,
> we need to know which apps you want to play with, and asking the tor
> folks is your best bet.  I bet there are howtos etc.
>
> But if you want to e.g. just use tor for certain web sites, you should
> be able to configure firefox to use a particular proxy (e.g. a squid
> proxy running on your gateway machine) for use just when going to
> those sites.  Then configure that squid proxy to use the tor network.
> Back in the '90s at work when we wanted to proxy connections to the
> outside world, but not to intranet sites, we set up a "proxy.pac" file
> for netscape, and firefox still supports it.
>
> Some useful tips seem to be on this page that a quick google search
> found, though I haven't looked at it enough to know if they know what
> they're talking about.  But privoxy is another option for some use
> cases.
>
> http://tools.rosinstrument.com/proxy/howto.htm
>
> and perhaps this page also:
>
> http://wiki.noreply.org/noreply/TheOnionRouter/TransparentProxy
>
> -Neal
>
> > Pretty much all in all not an easy task. If you're good with Python and
> > understand the whole networking aspect of things you may check out
> > Scapy (http://www.secdev.org/projects/scapy/). A low level Python
> > network protocol framework. It was referred to me by a staff member as
> > being a suggestion for using.
> >
> > As for the MAC and IP address things you should be able to achieve
> > this with just ifconfig and the man pages. Although WiFi most likely
> > will not work, as the antenna can only support 1 connection.
> >
> > On 8/31/07, Neal McBurnett <neal at bcn.boulder.co.us> wrote:
> > > This helps a lot.  I bet tor can be slow for all your traffic....
> > > My guess is that other tor users have tried to do similar things.
> > > Getting the apps to clue in the network is the hard part.
> > >
> > > So assuming you have a laptop, connected via wireless to a router,
> > > which is connected to the isp.  Perhaps your router can be smart about
> > > which packets to send where, based on hints from the clients.
> > > E.g. your idea of using a virtual machine, which would have
> > > its own IP address, and the router could send all traffic from
> > > that IP thru tor, but leave stuff from the main IP address to
> > > go thru the normal default route.
> > >
> > > I haven't looked in a while, but it may be that some applications have
> > > options which can set QoS priority bits certain ways on the packets,
> > > which the router could again notice and act on.  See Differentiated
> > > Services (DiffServ), RFC 2474.  Or your idea of sending some traffic
> > > to a socks proxy on the router which could route them on to tor.
> > >
> > > Which applications do you want to route thru tor?
> > >
> > > -Neal
> > >
> > > On Fri, Aug 31, 2007 at 11:39:20AM -0400, Ringo Kamens wrote:
> > > > The reason I want to do this is so that I can use two identities at
> > > > once on a wireless network; an anonymous one and a non-anonymous one.
> > > > On one interface (and therefore different IP/MAC) I have my
> > > > non-anonymous traffic such as reading news, etc. On the other
> > > > interface (different IP/MAC) I have anonymous traffic that is routed
> > > > through tor (tor.eff.org). Both go through the same default gateway
> > > > and communicate the same way. I've wanted to design a system for doing
> > > > this for a while, and I think I now have most of the expertise needed
> > > > to do it. But I'm not exactly sure how to choose where traffic from a
> > > > particular program goes (which is why I'm thinking about making any
> > > > "anonymous" traffic come from a virtual machine that can only see one
> > > > interface).
> > > > Comrade Ringo Kamens
> > > >
> > > > On 8/31/07, Neal McBurnett <neal at bcn.boulder.co.us> wrote:
> > > > > It would help to know what your end goal is.  Why do you care which
> > > > > interface is used?  What other endpoints are you trying to communicate
> > > > > with?  Are you just playing with understanding interfaces?  Separating
> > > > > traffic for some particular reason?  Curiosity about routing?  There
> > > > > are lots and lots of techniques to play with networks and routing and
> > > > > making up packets etc etc.  But we'll just stay tied up in
> > > > > nomenclature until we get a "use case" to chew on - a problem to
> > > > > solve.
> > > > >
> > > > > -Neal
> > > > >
> > > > > On Fri, Aug 31, 2007 at 10:39:33AM -0400, Ringo Kamens wrote:
> > > > > > Ok, so how would I get the system to route a particular program's
> > > > > > traffic to a particular interface if they both get to the internet?
> > > > > > One idea would be to run a small socks proxy on localhost and then use
> > > > > > a proxy wrapper program to direct traffic that way. Would that work?
> > > > > > Comrade Ringo Kamens
> > > > > >
> > > > > > On 8/31/07, Dave Price <kinaole at gmail.com> wrote:
> > > > > > > User level programs don't talk to an interface, they talk to the
> > > > > > > protocol stack which routes traffic to the appropriate interface
> > > > > > > depending on the IP address / or hostname needed.
> > > > > > >
> > > > > > > If you have virtual interfaces set up, and a given application sends
> > > > > > > data to the subnets served by those virtual interfaces, they will be
> > > > > > > used for that traffic.
> > > > > > >
> > > > > > > On 8/30/07, Ringo Kamens <2600denver at gmail.com> wrote:
> > > > > > > > Thanks for the sample commands. Is there any *simple* way to make a
> > > > > > > > program use a certain interface? I was thinking about running a
> > > > > > > > virtual machine that runs all of its traffic through one of the
> > > > > > > > multiple interfaces.
> > > > > > > > Thanks,
> > > > > > > > Comrade Ringo Kamens
> > > > > > > >
> > > > > > > > On 8/30/07, Dave Price <kinaole at gmail.com> wrote:
> > > > > > > > > Won't get you two MAC's but will get you two IP addresses
> > > > > > > > >
> > > > > > > > > ifconfig eth0:1  aaa.bbb.ccc.ddd
> > > > > > > > > ifconfig eth0:2  aaa.bbb.ccc.ddd
> > > > > > > > >
> > > > > > > > > as often as you want ... with different IP's for each virtual interface
> > > > > > > > >
> > > > > > > > > you also may need to add a DEFAULT GATEWAY for each new subnet that you
> > > > > > > > > define this way using the route command - assuming there is a gateway
> > > > > > > > > on the subnet
> > > > > > > > >
> > > > > > > > > As mentioned before, I don't know if virtual IP's are supported on
> > > > > > > > > WLAN interfaces - never tried that...  the tricky bit would be getting
> > > > > > > > > the WLAN to associate with an access point on the appropriate IP
> > > > > > > > > subnet if that was needed.
> > > > > > > > >
> > > > > > > > > aloha (and hope this helps),
> > > > > > > > > dave
> > > > > > > > >
> > > > > > > > > On 8/30/07, Ringo Kamens <2600denver at gmail.com> wrote:
> > > > > > > > > > While it's true that the MAC address is burned into the card, it
> > > > > > > > > > doesn't mean it isn't changeable. The operating system manages the MAC
> > > > > > > > > > address and it can be changed at will so I would assume I could have
> > > > > > > > > > it flip-flop constantly between two interfaces. What commands would I
> > > > > > > > > > use to make multiple interfaces?
> > > > > > > > > > Comrade Ringo Kamens
> > > > > > > > > >
> > > > > > > > > > On 8/30/07, David Overcash <funnylookinhat at gmail.com> wrote:
> > > > > > > > > > > That's the problem that I think we failed to explain.  A MAC address is a
> > > > > > > > > > > unique identifier given to each networking card (whether it be wireless or
> > > > > > > > > > > wired), and each device is supposed to have only one per port (or antenna if
> > > > > > > > > > > you are wireless).
> > > > > > > > > > >
> > > > > > > > > > > So you can have two different IP addresses, if you have two different cards
> > > > > > > > > > > to create two interfaces on.
> > > > > > > > > > >
> > > > > > > > > > > -David
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > On 8/30/07, Ringo Kamens <2600denver at gmail.com> wrote:
> > > > > > > > > > > > Sorry for the slow response, I was out camping in the wilderness. I
> > > > > > > > > > > > mentioned the ethernet card because I'd also be interested in setting
> > > > > > > > > > > > up two interfaces on that. Can somebody point me in the right
> > > > > > > > > > > > direction as to how to do this? Also, I don't see why a card couldn't
> > > > > > > > > > > > send from two MACs. Doesn't the system control that anyways instead of
> > > > > > > > > > > > the card?
> > > > > > > > > > > > Comrade Ringo Kamens
> > > > > > > > > > > >
> > > > > > > > > > > > On 8/27/07, Michael Robbert <mrobbert at gmail.com> wrote:
> > > > > > > > > > > > > Why do you need two different MACs? I don't see any reason that you couldn't
> > > > > > > > > > > > > multi home with two IPs from a wireless card.
> > > > > > > > > > > > > I am a little thrown off by your mention of the ethernet card. It doesn't
> > > > > > > > > > > > > sound like you intend to include that in the solution of your problem, but
> > > > > > > > > > > > > am I misreading your problem description?
> > > > > > > > > > > > >
> > > > > > > > > > > > > Mike
> > > > > > > > > > > > >
> > > > > > > > > > > > > On 8/26/07, Ringo Kamens <2600denver at gmail.com> wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > I have a problem I think somebody here may have enough expertise to
> > > > > > > > > > > > > > solve. I have one wireless card and one ethernet card. What I want to
> > > > > > > > > > > > > > do is set up two separate network interfaces so that I can have my
> > > > > > > > > > > > > > wireless card send data from two separate MAC and IP addresses. Is
> > > > > > > > > > > > > > this possible? Yes, I googled it and the results came up empty. I
> > > > > > > > > > > > > > would appreciate any help I could get.
> > > > > > > > > > > > > > Thanks,
> > > > > > > > > > > > > > Comrade Ringo Kamens
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > --
> > > > > > > > > > > > > > Ubuntu-us-co mailing list
> > > > > > > > > > > > > > Ubuntu-us-co at lists.ubuntu.com
> > > > > > > > > > > > > > Modify settings or unsubscribe at:
> > > > > > > > > > > > > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-co
> > > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > > >
> > > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > >
> > > > > > > > > > > --
> > > > > > > > > > > ---------------------------------------------------------
> > > > > > > > > > > http://www.funnylookinhat.com
> > > > > > > > > > > AIM: FunnyLookinHat
> > > > > > > > > > > ICQ: 40145621
> > > > > > > > > > > MSN: funnylookinhat at gmail.com
> > > > > > > > > > > Jabber: funnylookinhat at gmail.com
> > > > > > > > > > > IRC: irc.freenode.net
> > > > > > > > > > > ---------------------------------------------------------
> > > > > > > > > >
> > > > > > > > >
> > > > > > > > >
> > > > > > > > > --
> > > > > > > > > aloha,
> > > > > > > > > dave
> > > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > --
> > > > > > > aloha,
> > > > > > > dave
> > > > > > >
> > >
> >
> >
> > --
> > Nick Verbeck - NerdyNick
> > ----------------------------------------------------
> > NerdyNick.com
> > NerdyNick.org
> > NerdyNick.net
> > GamesAndBitches.com
> > SkeletalDesign.com
> > KemperBand.com
> >
>



-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
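
Added example (not part of the original thread): the "proxy.pac" idea from Neal's quoted reply, applied to the kind of local proxy Jim describes, so one browser can send only chosen sites through the proxy. The host names and the SOCKS listener on 127.0.0.1:1080 (for example an SSH dynamic forward) are assumptions made for illustration.

```javascript
// proxy.pac logic: selected sites go through a local SOCKS listener, the
// rest go direct. Host names and the listener address are constructed.
const PROXIED_SUFFIXES = ["example.org", "mail.example.net"];
// No "; DIRECT" fallback: if the proxy is down the request fails instead of
// silently leaving on the normal route.
const VIA_PROXY = "SOCKS5 127.0.0.1:1080";

// Normalise case and a trailing root dot before comparing names.
function normalise(host) {
  return host.toLowerCase().replace(/\.$/, "");
}

// Match on a label boundary; a bare endsWith("example.org") would also
// select "notexample.org".
function hostMatches(host, suffix) {
  return host === suffix || host.endsWith("." + suffix);
}

// Intranet short names and private or loopback IPv4 literals stay direct.
// Pure string checks: PAC helpers such as dnsResolve() or isInNet() would
// trigger a local DNS lookup for every host, including the proxied ones.
function isLocal(host) {
  if (!host.includes(".") && !host.includes(":")) return true;
  if (!/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return false;
  return /^(10|127)\.|^192\.168\.|^172\.(1[6-9]|2\d|3[01])\./.test(host);
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  const h = normalise(host);
  if (isLocal(h)) return "DIRECT";
  return PROXIED_SUFFIXES.some((s) => hostMatches(h, s)) ? VIA_PROXY : "DIRECT";
}
```

Name lookups for the proxied sites still happen locally unless the browser is told to resolve through the SOCKS proxy; in Firefox that is the network.proxy.socks_remote_dns preference.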