Recently I learned how the Linux option net.ipv4.ip_forward can turn your machine into a router. I have been using this option in the past when working with iptables but never paid attention to how it works. I explore this here.
You see, when your NIC receives a frame from the network, the frame is copied to the kernel if its destination MAC address matches the NIC’s. If it doesn’t match the NIC’s MAC address, that frame is often dropped by the NIC.
Putting the NIC into promiscuous mode lets all frames into the OS, and the kernel does the filtering instead. This is useful if you have many virtual machines/containers with different MAC addresses exposed under the same physical NIC.
Similarly, if the MAC address matches the NIC’s but the destination IP address in the IP packet doesn’t match the machine’s IP, the packet is often dropped by the OS, unless the ip_forward option is enabled.
This essentially tells the OS, hey, you might receive packets that are not for you, please just forward them back through the network and apply any routing rules you might have. Here
This is exactly how a router works: it receives tons of packets where the MAC matches its own, but almost none of them are destined to the router itself (except if you want to go to the admin page on your router, that is).
Coincidentally, this is also how a firewall works. You configure your hosts to forward all packets to machine F, such that the destination IP remains as is but the frame’s destination MAC becomes F’s. The firewall machine receives all packets and applies the filtering rules; if those pass, it forwards the packet back to the network (thanks to ip_forward), else if the firewall rules didn’t match, it swallows the packet.
This feels like a puzzle piece I have been holding on to for a long time that finally fits perfectly.
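The receive-path decisions described above, written out as a simplified Python model (an added example, not code from the video or from the kernel). The `Host` and `Frame` types, the result strings and all addresses are constructed for illustration; broadcast, multicast and bridging are left out.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Frame:  # constructed stand-in for an Ethernet frame carrying an IPv4 packet
    dst_mac: str
    src_ip: str
    dst_ip: str

@dataclass
class Host:  # hypothetical model of one machine; not a kernel API
    mac: str
    ip: str
    promiscuous: bool = False   # NIC hands every frame to the kernel
    ip_forward: bool = False    # models net.ipv4.ip_forward
    guest_macs: set = field(default_factory=set)     # lowercase MACs of VMs/containers
    allow_rules: list = field(default_factory=list)  # (src_net, dst_net); empty = no filter

def receive(host, frame):
    """Return what the host does with one incoming frame."""
    dst_mac = frame.dst_mac.lower()
    if dst_mac != host.mac.lower():
        # Layer 2 mismatch: the NIC drops it unless promiscuous mode is on,
        # in which case the kernel does the filtering instead.
        if not host.promiscuous:
            return "dropped-by-nic"
        return "delivered-to-guest" if dst_mac in host.guest_macs else "dropped-by-kernel"
    # Layer 2 matched. Layer 3: a packet for our own IP goes up the local stack.
    if ip_address(frame.dst_ip) == ip_address(host.ip):
        return "delivered-locally"
    # Not for us: without ip_forward the OS discards it.
    if not host.ip_forward:
        return "dropped-not-forwarding"
    # Forwarding path (router or firewall): filtering rules are applied first.
    allowed = not host.allow_rules or any(
        ip_address(frame.src_ip) in ip_network(src)
        and ip_address(frame.dst_ip) in ip_network(dst)
        for src, dst in host.allow_rules)
    return "forwarded" if allowed else "dropped-by-firewall"

# Constructed sample hosts and frames (private and documentation address ranges).
F_MAC = "02:00:00:00:00:0f"
plain = Host(F_MAC, "10.0.0.1")
router = Host(F_MAC, "10.0.0.1", ip_forward=True)
firewall = Host(F_MAC, "10.0.0.1", ip_forward=True,
                allow_rules=[("10.0.0.0/24", "192.0.2.0/24")])
transit = Frame(F_MAC, "10.0.0.7", "192.0.2.10")    # MAC is F's, IP is someone else's
blocked = Frame(F_MAC, "10.0.0.7", "198.51.100.5")  # no allow rule covers this
```

Calling `receive(plain, transit)`, `receive(router, transit)` and `receive(firewall, blocked)` shows the same frame path ending in a drop, a forward, and a firewall drop depending only on `ip_forward` and the rules.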
0:00 Intro
2:00 Layer 2 and Layer 3 Address match
4:00 Layer 2 MAC doesn’t match
5:30 Promiscuous Mode
6:30 Layer 2 Match Layer 3 Address doesn’t
9:00 Acting Like a Router
11:30 Acting Like a Firewall
Stay Awesome,
Hussein