Today I wanted to transparantly redirect the DNS requests coming at the output of a tunnel to a local caching DNS resolver. The caching DNS was listening only on the loopback as port 53 was already bound to other interfaces. That would be fairly simple on Linux:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -i tun0 -p udp --dport 53 -j DNAT --to-destination 127.0.0.1
iptables -A FORWARD -i tun0 -o lo -p udp --dport 53 -j ACCEPT
But… The kernel will refuse to route packets with the loopback as source or destination because this qualify as a martian packet. The solution was to enable the
route_localnet flag. As stated in the kernel documentation:
route_localnet – BOOLEAN: Do not consider loopback addresses as martian source or destination while routing. This enables the use of 127/8 for local routing purposes (default FALSE).
This is per interface. So I just had to enable this on the tunnel interface:
echo 1 > /proc/sys/net/ipv4/conf/tun0/route_localnet
I just reinstalled a Debian stable on a laptop but messed with the interfaces so that an external USB WiFi card appeared as wlan0 while the main card appeared as wlan1. In case you wondered you can rename or reset interface names in
/etc/udev/rules.d/70-persistent-net.rules. That’s on systemd though.
I wonder how we can change that on sysvinit? Nobody cares, probably, but I do.
According to what I read there, it is not consistent. Interfaces are named in the order in which they appear during the boot process. However it is possible to use ifrename from the wireless tools package. Why this tool that should work for all type of interface is part of the wireless tools package is beyond my comprehension. But hey whatever, Linux, and it just works.
If you are curious and want to know how ifrename actually does rename an interface, according to the code it uses a
SIOCSIFNAME ioctl on a socket file descriptor. There it passes a
struct ifreq in which you can provide a new name for the interface. Just man netdevice(7) for more info.