To sum up my issue, I have a Linux router that has 3 network interfaces:
- a wlan interface acting as a DHCP server, upon which I manage the device; not in the scope of this question.
- a lan interface, which is linked to the eth0 device (ethernet port), which is unmanaged.
- a wan interface, which is linked to the eth1 device (ethernet port), which is unmanaged.
If that changes anything, my router is running on OpenWrt, so lan is actually br-lan.
My goal is twofold:
- I need to plug my device, on lan and wan, between a station (connected to eth0) and a switch (connected to eth1), and have it act as a transparent bridge between them.
- I need to be able to send and receive packets to and from the Linux router while spoofing the station.
The transparent bridge part is easily done with net.ipv4.ip_forward and adding eth1 into the virtual bridge device with eth0. However, as soon as I assign the station's IP/MAC to eth1, all traffic from the switch meant for the station is stopped at eth1 (understandably). I can ping the switch, but the station can't, because eth1 keeps the response for itself.
To bypass this, I tried multiple things, mostly from this issue: iptables with TEE (which straight up didn't work, even though I added a route that routed traffic for the station's IP through eth0), iptables forwarding (see this issue), tcpbridge from eth1 to eth0, tc...
But in all these cases, packets from the switch meant for the station are redirected to eth0 as expected, but now the Linux device is the one not receiving answers: the station can ping the switch, but when I do, the station gets the response (even though eth1 is still spoofing the station's IP/MAC).
Does anyone have an idea why mirroring traffic actually doesn't work in my case?
Is it because both interfaces are in the same vbridge?
Is there a packet utility that allows me to route packets by wrapping them with a custom IP/MAC? That would allow me to do a transparent bridge without tampering with eth1's IP/MAC.
Thanks!
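The symptom described in the post (one bridge port owning the station's MAC while the real station is learned behind the other port) can be spotted in the bridge's forwarding database. The following is an added diagnostic, not code from the original post: it parses the output of iproute2's `bridge fdb show` (the sample lines, MACs and port names are constructed) and reports any unicast MAC that a bridge port holds as a permanent entry while the same MAC is also learned behind a different port.

```python
import re
from collections import defaultdict

# Constructed sample in the format printed by `bridge fdb show` (iproute2):
# "<mac> dev <port> [vlan N] [master <bridge>] [self] [permanent|static]".
# The station's (constructed) MAC has been assigned to eth1 and is also
# learned on eth0, the port the real station sits behind.
SAMPLE_FDB = """\
02:aa:bb:cc:dd:01 dev eth0 master br-lan
02:aa:bb:cc:dd:01 dev eth1 master br-lan permanent
02:aa:bb:cc:dd:01 dev eth1 self permanent
02:aa:bb:cc:dd:02 dev eth1 master br-lan
01:00:5e:00:00:01 dev eth0 self permanent
"""

LINE_RE = re.compile(r"^([0-9a-f:]{17}) dev (\S+)(.*)$")


def parse_fdb(text):
    """Map each MAC to the set of (port, kind) entries the bridge holds.

    kind is "local" for a permanent/static entry (an address the port itself
    owns) and "learned" for a dynamically learned entry.
    """
    entries = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip().lower())
        if not m:
            continue
        mac, port, flags = m.group(1), m.group(2), m.group(3).split()
        kind = "local" if ("permanent" in flags or "static" in flags) else "learned"
        entries[mac].add((port, kind))
    return entries


def find_mac_conflicts(text):
    """Return {mac: (owning_ports, learned_ports)} for unicast MACs that one
    bridge port owns locally while another port has learned the same MAC.
    Frames for such a MAC arriving on the owning port are delivered to the
    host instead of being forwarded to the port where the MAC was learned."""
    conflicts = {}
    for mac, ents in parse_fdb(text).items():
        if int(mac[:2], 16) & 1:  # skip multicast/broadcast group addresses
            continue
        local = {p for p, k in ents if k == "local"}
        learned = {p for p, k in ents if k == "learned"} - local
        if local and learned:
            conflicts[mac] = (sorted(local), sorted(learned))
    return conflicts


if __name__ == "__main__":
    for mac, (owners, behind) in find_mac_conflicts(SAMPLE_FDB).items():
        print(f"{mac}: owned by {owners}, also learned behind {behind}")
```

On a live system, feed it the real output with `bridge fdb show br br-lan` instead of the constructed sample.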