Tags: network-programming, iptables

Configure 2 NIC on the same subnet


For debugging purposes I need to set up a MITM proxy between 2 devices. All devices have static IPs (example) and are directly connected to each other:

Device 1 : 192.168.10.50
Device 2 : 192.168.10.60

The proxy computer has 2 NICs on the same subnet and sits between the other devices:
D1 .50 <=> [.60 PROXY .50] <=> D2 .60

My problem is, from the proxy, if one of the 2 NICs is disabled, D1 or D2 can reach the proxy.
Once I bring up both NICs, no one can see any other device. The D1 and D2 IPs can't be changed.

The proxy is Linux CentOS 8.

Already tested:

  • adding logging in iptables: if both NICs are up, no more input / output logs
  • Dropping all input / output, then accepting only the right IP from the right interface => no result
  • Changing arp_filter = 1 and arp_announce = 2 => no result
  • Testing multiple SO posts about 2 NICs on the same subnet

If anyone can help.
Thanks.


Solution

  • I've found a solution which consists of creating a transparent proxy and intercepting some packets.

    1- Create a bridge with the 2 NICs:

    # Create the bridge and give it the proxy's own address on the shared subnet
    nmcli connection add type bridge autoconnect yes con-name "br0" ifname "br0"
    nmcli connection modify "br0" ipv4.addresses "192.168.10.10/24" ipv4.method manual
    # Remove the existing per-NIC connections (the two NICs are enp0s3 and enp0s8 here)
    nmcli connection delete enp0s3
    nmcli connection delete enp0s8
    # Re-add both NICs as ports of the bridge; neither NIC carries an IP of its own any more
    nmcli connection add type bridge-slave autoconnect yes con-name enp0s3 ifname enp0s3 master br0
    nmcli connection add type bridge-slave autoconnect yes con-name enp0s8 ifname enp0s8 master br0
    

    2- Add the correct rules to intercept the specific traffic:

    # Bridge-family table with a filter chain on the prerouting hook
    nft add table bridge mitm
    nft add chain bridge mitm filter { type filter hook prerouting priority 0\; }
    # Frames from D1 to TCP port 10000: mark them as destined for this host and
    # rewrite the destination MAC to br0's own MAC so the bridge hands them to the local stack
    nft add rule bridge mitm filter tcp dport 10000 ip saddr 192.168.10.50 meta pkttype set host ether daddr set xx:xx:xx:xx:xx:xx # br0 mac address
    # Then DNAT the IP destination to the bridge address so the local proxy socket accepts it.
    # Note: this assumes the "ip nat" table and its PREROUTING chain already exist
    # (e.g. created by iptables-nft or firewalld); otherwise create them first.
    nft add rule ip nat PREROUTING tcp dport 10000 ip saddr 192.168.10.50 dnat to 192.168.10.10
    

    It worked for me.
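The answer above sets up the bridge and redirects D1's port-10000 traffic to the proxy host, but does not show the proxy process that must listen there. The following is an added example, not part of the original post: a minimal transparent TCP relay that listens on the bridge address from the answer (192.168.10.10:10000), forwards each intercepted connection to Device 2 (192.168.10.60:10000), and logs every chunk in both directions, which is what a debugging MITM needs. The addresses come from the question and answer; the function names, the hex-prefix log format and the in-memory log list are my own assumptions.

```python
import socket
import threading

# Addresses from the question/answer: the proxy's bridge address and Device 2.
LISTEN_ADDR = ("192.168.10.10", 10000)
UPSTREAM_ADDR = ("192.168.10.60", 10000)


def format_chunk(direction, data, limit=32):
    """One log line per chunk: direction, length, and a hex prefix of the payload."""
    shown = " ".join(f"{b:02x}" for b in data[:limit])
    suffix = " ..." if len(data) > limit else ""
    return f"{direction} {len(data)} bytes: {shown}{suffix}"


def pump(src, dst, direction, log):
    """Copy bytes from src to dst until EOF, appending a log line per chunk."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            log.append(format_chunk(direction, chunk))
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        # Propagate the half-close so the other side sees EOF instead of hanging.
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle_connection(client, upstream_addr, log):
    """Relay one intercepted connection to the real destination (Device 2)."""
    try:
        upstream = socket.create_connection(upstream_addr, timeout=10)
    except OSError as exc:
        log.append(f"upstream connect to {upstream_addr} failed: {exc}")
        client.close()
        return
    upstream.settimeout(None)
    to_server = threading.Thread(target=pump, args=(client, upstream, "C->S", log), daemon=True)
    to_server.start()
    pump(upstream, client, "S->C", log)  # returns when the server side closes
    to_server.join()
    client.close()
    upstream.close()


def start_relay(listen_addr, upstream_addr, log):
    """Bind the listener and accept connections in a background thread.

    Returns the bound port (useful when listen_addr uses port 0).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen(16)

    def accept_loop():
        while True:
            try:
                client, peer = srv.accept()
            except OSError:
                break
            # With the nft rules above the source IP is still D1's (192.168.10.50).
            log.append(f"accepted from {peer[0]}:{peer[1]}")
            threading.Thread(target=handle_connection,
                             args=(client, upstream_addr, log), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    import time
    log = []
    port = start_relay(LISTEN_ADDR, UPSTREAM_ADDR, log)
    print(f"relaying {LISTEN_ADDR[0]}:{port} -> {UPSTREAM_ADDR[0]}:{UPSTREAM_ADDR[1]}")
    seen = 0
    while True:  # print new log lines as they arrive
        time.sleep(0.2)
        while seen < len(log):
            print(log[seen])
            seen += 1
```

Run it on the proxy host after the bridge and nft rules are in place; it must bind 192.168.10.10:10000 before D1 connects, since the DNAT rule only rewrites the destination and a closed port would simply answer with a reset. Because the source address is left untouched, Device 2 sees connections arriving from the proxy's address (the relay opens its own socket towards D2), which is fine for debugging but differs from a fully transparent setup.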