Send-To-Self interface flag
Julian Anastasov, July 2003

Patches for different kernels:

send-to-self-2.4.21-1.diff
send-to-self-2.5.73-1.diff

The presented patch implements routing of traffic between local IP
addresses externally via ethernet interfaces. This patch is basically
Ben Greear's send-to-self work, but reimplemented entirely at the routing
level. The idea is to return an output route via external interfaces if
a path between two local IP addresses is requested and they are
configured on different interfaces with
/proc/sys/net/ipv4/conf/DEVNAME/loop set to 1. As a result, arp_filter
(if enabled - the recommended value) automatically accepts the ARP
requests on the right interface. The rp_filter check is modified to
accept traffic from such interfaces with a local IP as sender, so using
loop=1 for interfaces attached to insecure mediums is not recommended.

Pros:

- it can be used from all existing applications without change
- it is not limited to 2 interfaces
- you can use it with many IP addresses
- does not depend on the rp_filter and arp_filter states, they can be
  set to 1
- the packets are not altered in any way, useful for QoS testing
- the routing result is cached, the routing checks are not per packet

Cons:

- not possible to use it for interfaces attached to insecure mediums
  (the rp_filter protection allows saddr to be local IP). By design.

Use at your own risk. The usage is simple:

# Connect two or more interfaces to the same hub or via crossover cable

# Enable loopback mode for eth0 and eth1. This can even be the
# default mode without breaking any other talks. This way
# we allow external routing only between local IPs configured
# on the specified interfaces.
echo 1 > /proc/sys/net/ipv4/conf/eth0/loop
echo 1 > /proc/sys/net/ipv4/conf/eth1/loop

# Add some IP addresses for testing, e.g. client and server IP
ip address add 192.168.1.1 dev eth0
ip address add 192.168.2.1 dev eth1

# Testing with applications that are aware of this binding.
# The main thing the apps need to know is what src and dst IP
# addresses to use. The client app needs to bind to the src IP
# and in this way request an output route to the dst IP. There
# is no specific configuration for the server app listening on
# 192.168.2.1
ping -I 192.168.1.1 192.168.2.1

# Note that specifying the output device (SO_BINDTODEVICE) is
# not recommended

# Testing with applications that are not aware of this feature:
# for the 192.168.1.1 client (the same for the server is not needed).
# Note that by default, in local routes the kernel uses the local
# IPs as preferred source. This is the safe default mode (if loop=1)
# for applications that do not care what src IP will be used
# for their talks with local IPs. We try to change that and to
# use IPs from different interfaces.
ip route replace local 192.168.2.1 dev eth1 scope host src 192.168.1.1 proto kernel

# but just in case, here it is for the "server" as well:
ip route replace local 192.168.1.1 dev eth0 scope host src 192.168.2.1 proto kernel

# Testing it:
ping 192.168.2.1
ping -I 192.168.1.1 192.168.2.1
telnet 192.168.2.1

# Note that by replacing the local route's preferred source IP address
# we help the IP address autoselection to select the proper IP to the
# target, in our case, route via eth
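
Because loop=1 relaxes the rp_filter check, it helps to know exactly which interfaces carry the flag and whether arp_filter is at its recommended value on each. The script below is an added example, not part of the patch or of the original page; the function names, the "ok"/"review" labels and the sample tree are constructed for this example.

```shell
#!/bin/sh
# Added example: list interfaces whose send-to-self "loop" flag is 1,
# together with their rp_filter and arp_filter values.

# Print a flag file's value, or "absent" when the file is not there
# (for instance on a kernel without the patch).
read_flag() {
    if [ -r "$1" ]; then tr -d ' \t\n' < "$1"; else printf 'absent'; fi
}

# audit_loop_flags [CONF_ROOT]
# Prints one line per interface with loop=1:
#   IFACE loop=1 rp_filter=V arp_filter=V STATE
# STATE is "ok" when arp_filter is 1 (the value the page recommends) and
# "review" otherwise. "ok" says nothing about the medium: every listed
# interface still has to sit on a trusted segment.
# Returns 1 if any listed interface is in state "review", else 0.
audit_loop_flags() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    rc=0
    for dir in "$root"/*; do
        [ -d "$dir" ] || continue
        [ "$(read_flag "$dir/loop")" = "1" ] || continue
        iface=$(basename "$dir")
        rp=$(read_flag "$dir/rp_filter")
        arp=$(read_flag "$dir/arp_filter")
        state=ok
        if [ "$arp" != "1" ]; then
            state=review
            rc=1
        fi
        printf '%s loop=1 rp_filter=%s arp_filter=%s %s\n' \
            "$iface" "$rp" "$arp" "$state"
    done
    return "$rc"
}

# Build a constructed conf tree for offline runs and print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/eth0" "$t/eth1" "$t/lo"
    echo 1 > "$t/eth0/loop"; echo 1 > "$t/eth0/rp_filter"; echo 1 > "$t/eth0/arp_filter"
    echo 1 > "$t/eth1/loop"; echo 1 > "$t/eth1/rp_filter"; echo 0 > "$t/eth1/arp_filter"
    echo 0 > "$t/lo/rp_filter"    # no loop file here, so lo is not listed
    printf '%s\n' "$t"
}

# Usage on a live system:   audit_loop_flags
# Usage on the sample tree: audit_loop_flags "$(make_sample_tree)"
```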