[wplug] ip forwarding on ubuntu

Vance Kochenderfer vkochend at nyx.net
Wed Aug 27 12:21:08 EDT 2008


Tom Fetherston wrote:
> Rather than introducing a hub and monitor things that way, I've
> purchased an expresscard gigabit ethernet module.

> Just plug the PACS side of the cable to one port on the laptop and run a
> cable from the second port to the Dicom pc, and then enable ip forwarding
> between the two cards.

Using a hub is really preferable, as it is the least invasive way
to do what you want (well, OK, I suppose the *least* invasive way
would be to use some sort of inductive tap to read the data from
the cable itself, but that's kind of overboard...).  You may find
that sticking a router in between the two devices changes the
behavior you're trying to examine, for the better or for the
worse!

> The last sentence brings me to my first question, just how do I set up
> ip forwarding under Linux?

I'm not very knowledgeable with setting up routing, but this may
get you started.  You have two interfaces on your laptop, eth0 and
eth1.  Say that eth0 is connected to the network at large and eth1
is connected (only) to the Dicom machine, which has IP address
10.10.10.10.  I think you would set up the routes like so:
  # route add default dev eth0
  # route add -host 10.10.10.10 dev eth1

You'll need to make sure that at least the iptables FORWARD table
is not set up to reject or drop packets.  I'm not sure if the
Dicom machine will be able to get a DHCP lease at this point, so
make sure it has obtained an IP address before disconnecting it
from the main network and plugging it into the laptop.

Hopefully someone else can chime in as I'm fairly lost at this
point and not sure if any other steps are required.

> I'm also wondering about services running on the laptop polluting the
> monitoring of the traffic, this ubuntu is the server edition, set up to
> run some dicom network services on start, do I have to kill a bunch of
> things, or start in a particular way in order to keep ubuntu from
> sending its own traffic out?

You should be able to set up a rule in the iptables OUTPUT table
to prevent packets having one of the laptop's IP addresses as the
source address from leaving the laptop.

Vance Kochenderfer        |  "Get me out of these ropes and into a
vkochend at nyx.net          |   good belt of Scotch"    -Nick Danger
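
An added example, not part of the original message: a pre-flight check that the laptop will actually pass packets between eth0 and eth1, covering the FORWARD condition mentioned in the reply. The kernel switch net.ipv4.ip_forward is not mentioned in the message and is included here as an assumption about the setup; the function name forward_ready and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Live use (as root), once the function is defined:
#   forward_ready /proc/sys/net/ipv4/ip_forward "$(iptables -S FORWARD)"

# forward_ready FILE RULES   (hypothetical helper, added for this example)
#   FILE  - path holding the kernel forwarding flag (0 or 1)
#   RULES - text in `iptables -S FORWARD` format
# Prints each problem found; returns 0 only if forwarded packets can pass.
forward_ready() {
    flag_file=$1
    rules=$2
    problems=0

    # The kernel only routes between interfaces when this flag is 1.
    if [ "$(cat "$flag_file" 2>/dev/null)" != "1" ]; then
        echo "ip_forward is not 1 (fix: sysctl -w net.ipv4.ip_forward=1)"
        problems=$((problems + 1))
    fi

    # The chain policy decides the fate of packets that match no rule.
    policy=$(printf '%s\n' "$rules" | awk '$1 == "-P" && $2 == "FORWARD" { print $3 }')
    if [ "$policy" != "ACCEPT" ]; then
        echo "FORWARD policy is '${policy:-unknown}', not ACCEPT"
        problems=$((problems + 1))
    fi

    # Any DROP/REJECT rule in the chain may swallow the traffic being studied.
    blockers=$(printf '%s\n' "$rules" |
        awk '$1 == "-A" && $2 == "FORWARD" {
                 for (i = 3; i < NF; i++)
                     if ($i == "-j" && ($(i+1) == "DROP" || $(i+1) == "REJECT")) { print; break }
             }')
    if [ -n "$blockers" ]; then
        echo "FORWARD rules that drop or reject packets:"
        printf '%s\n' "$blockers" | sed 's/^/  /'
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ]
}

# Constructed sample input (not captured from a real machine).
SAMPLE_OPEN='-P FORWARD ACCEPT'
SAMPLE_BLOCKED='-P FORWARD DROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -d 10.10.10.10/32 -j REJECT --reject-with icmp-port-unreachable'
```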

