Question

I am willing to build a prototype of a network appliance. This appliance is supposed to transparently manipulate Ethernet packets. It is supposed to have two network interface cards, one card connected to the outside leg (i.e. eth0) and the other to the inside leg (i.e. eth1).

In a typical network layout as in the attached image, it will be placed between the router and the LAN's switch.

My plan is to write software that hooks in at the kernel driver level and does whatever I need to do to incoming and outgoing packets.

For instance, an "outgoing" packet (at eth1) would be manipulated and passed over to the other NIC (eth0), which then should transport it to the next hop.

My questions are:

  1. Is this doable?
  2. Those NICs will have no IP address; should that be a problem?

Thanks in advance for your answers.

(And no, there is no such device yet in the market, so please, "why reinvent the wheel" style of answers are irrelevant)

typical network diagram http://img163.imageshack.us/img163/1249/stackpost.png


Solution

I'd suggest libipq, which seems to do just what you want:

Netfilter provides a mechanism for passing packets out of the stack for queueing to userspace, then receiving these packets back into the kernel with a verdict specifying what to do with the packets (such as ACCEPT or DROP). These packets may also be modified in userspace prior to reinjection back into the kernel.

OTHER TIPS

Apparently, it can be done. I am actually trying to build a prototype of it using scapy.

As long as the NICs are set to promiscuous mode, they catch packets on the network without the need for an IP address set on them. I know it can be done, as there are a lot of companies that produce the same type of equipment (i.e. Juniper Networks, Cisco, F5, Fortinet, etc.).
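The path the two answers describe (a userspace verdict on every packet, with NICs in promiscuous mode and no IP address), as an added example that is not part of either answer or of any vendor's product. It uses Linux AF_PACKET raw sockets bound to eth1 (inside) and eth0 (outside) as a stand-in for the libipq queue (libipq itself has since been superseded by libnetfilter_queue); the telnet-blocking policy, the MAC and IP addresses and the sample frame are constructed for the demonstration, and running the bridge assumes root on a Linux host.

```python
"""Transparent two-NIC filtering bridge prototype (added example, not from the answers)."""
import select
import socket
import struct

ETH_P_ALL = 0x0003          # receive every ethertype on the raw socket
ETH_P_IP = 0x0800           # IPv4 ethertype
PACKET_OUTGOING = 4         # sll_pkttype for frames this host itself transmitted
SOL_PACKET, PACKET_ADD_MEMBERSHIP, PACKET_MR_PROMISC = 263, 1, 1  # Linux values

ACCEPT, DROP = "ACCEPT", "DROP"
# Constructed example policy: refuse to carry cleartext telnet (TCP/23) across the bridge.
BLOCKED_TCP_DST_PORTS = {23}


def parse_frame(frame: bytes) -> dict:
    """Decode the Ethernet header and, for IPv4 TCP/UDP, the addresses and ports."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_mac": dst_mac.hex(":"), "src_mac": src_mac.hex(":"), "ethertype": ethertype}
    if ethertype != ETH_P_IP or len(frame) < 34:
        return info                      # ARP, VLAN-tagged, non-IP: forwarded untouched
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes (options included)
    proto = frame[23]                    # protocol field sits at IP offset 9
    info.update({
        "proto": proto,
        "src_ip": socket.inet_ntoa(frame[26:30]),
        "dst_ip": socket.inet_ntoa(frame[30:34]),
    })
    l4 = 14 + ihl
    if proto in (6, 17) and len(frame) >= l4 + 4:  # TCP or UDP: first two L4 fields are ports
        info["sport"], info["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return info


def verdict(frame: bytes) -> str:
    """Userspace verdict in the libipq/NFQUEUE sense: ACCEPT (forward as-is) or DROP."""
    info = parse_frame(frame)
    if info.get("proto") == 6 and info.get("dport") in BLOCKED_TCP_DST_PORTS:
        return DROP
    return ACCEPT


def build_sample_frame(dport: int) -> bytes:
    """Constructed Ethernet/IPv4/TCP SYN from the LAN to an outside host, no payload.
    Checksums are left at zero; the parser never validates them."""
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"),   # dst MAC (constructed)
                      bytes.fromhex("66778899aabb"), ETH_P_IP)    # src MAC (constructed)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0,
                     socket.inet_aton("192.168.1.10"), socket.inet_aton("203.0.113.5"))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    return eth + ip + tcp


def open_raw(ifname: str) -> socket.socket:
    """Linux AF_PACKET socket bound to ifname, switched to promiscuous mode so frames
    not addressed to this NIC's own MAC are delivered; the NIC needs no IP address."""
    s = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    s.bind((ifname, 0))
    # struct packet_mreq { int mr_ifindex; u16 mr_type; u16 mr_alen; u8 mr_address[8]; }
    mreq = struct.pack("iHH8s", socket.if_nametoindex(ifname), PACKET_MR_PROMISC, 0, b"\x00" * 8)
    s.setsockopt(SOL_PACKET, PACKET_ADD_MEMBERSHIP, mreq)
    return s


def bridge(inside: str = "eth1", outside: str = "eth0") -> None:
    """Forward frames between the two legs, applying verdict() to each one (root only)."""
    socks = [open_raw(inside), open_raw(outside)]
    peer = {socks[0]: socks[1], socks[1]: socks[0]}
    while True:
        ready, _, _ = select.select(socks, [], [])
        for s in ready:
            frame, addr = s.recvfrom(65535)
            if addr[2] == PACKET_OUTGOING:
                continue  # a frame we just transmitted, echoed back; skip or it loops forever
            if verdict(frame) == ACCEPT:
                peer[s].send(frame)


if __name__ == "__main__":
    bridge()
```

`parse_frame`, `verdict` and `build_sample_frame` are pure and run anywhere; only `bridge()` needs Linux and root. The `PACKET_OUTGOING` check matters: an AF_PACKET socket also delivers the frames the host itself transmits on that interface, so without it every forwarded frame would be picked up again on the far leg and bounced back. Because accepted frames are copied byte-for-byte, their IP and TCP checksums stay valid; any answer that rewrites headers has to recompute them before reinjection, exactly as a libipq verdict with a modified packet would.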

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow