* Traffic Reflecting / Redirecting
@ 2003-04-03 21:36 Andrew Brink
2003-04-04 5:13 ` Anthony M. Rasat
0 siblings, 1 reply; 5+ messages in thread
From: Andrew Brink @ 2003-04-03 21:36 UTC (permalink / raw)
To: netfilter
All -
I am trying to set up a box that can reflect traffic to another box
transparently.
An example would be: Initiate a ssh connection to 10.1.1.1, 10.1.1.1
then sends this packet to 192.168.1.1, then the return path must also go
through 10.1.1.1.
The trick is getting this to work transparently, and over the internet,
not a local network.
Any thoughts or ideas would be helpful.
Thanks.
Andrew Brink, CCNA, WCSP
NetStandard, Inc.
913-262-3888
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Traffic Reflecting / Redirecting
2003-04-03 21:36 Traffic Reflecting / Redirecting Andrew Brink
@ 2003-04-04 5:13 ` Anthony M. Rasat
0 siblings, 0 replies; 5+ messages in thread
From: Anthony M. Rasat @ 2003-04-04 5:13 UTC (permalink / raw)
To: netfilter
Hi Andrew,
I'm not an expert but I think what you need is called port forwarding. You
can look for an example - if you want to experiment yourself creating chains
which are generated automatically - at http://www.morizot.net/firewall/gen and
customize it for your needs.
Regards,
Anthony M. Rasat.-
^ permalink raw reply [flat|nested] 5+ messages in thread
* RE: Traffic Reflecting / Redirecting
@ 2003-04-03 22:48 Daniel Chemko
0 siblings, 0 replies; 5+ messages in thread
From: Daniel Chemko @ 2003-04-03 22:48 UTC (permalink / raw)
To: Andrew Brink, netfilter
If you have a single entry point and a single IP address, this is a
non-issue.
iptables -t nat -A PREROUTING -j DNAT -p tcp --destination-port 22 \
    --destination 10.1.1.1 --to-destination 192.168.1.1
If you have multiple gateways that a PC can use to get out of a network,
there is no guarantee that the return packet will take the correct path
back through 10.1.1.1. In this case I don't believe there is a way to
accomplish this with total transparency.
You can use an SNAT rule to make 192.168.1.1 see the middle party, but
the originating host would still be unknowing of any NAT occurrences.
Hope this helps.
^ permalink raw reply [flat|nested] 5+ messages in thread
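The DNAT and SNAT rules discussed in the message above, combined into one loadable ruleset. This is an added example, not code from any poster in the thread; the helper name `gen_relay_rules` is hypothetical, and it assumes the relay owns 10.1.1.1 as its only address and that nothing else on the relay filters the flow.

```shell
#!/bin/sh
# Added example (not from the thread). Emits an iptables-restore ruleset for a
# relay that forwards one TCP port to a backend and forces replies back
# through itself. Addresses are the ones used in the thread.

# gen_relay_rules FRONT_IP BACKEND_IP PORT   (hypothetical helper)
#   FRONT_IP    address clients connect to on the relay (10.1.1.1)
#   BACKEND_IP  host that really runs the service (192.168.1.1)
gen_relay_rules() {
    front=$1 backend=$2 port=$3
    cat <<EOF
*nat
# Rewrite the destination before routing; PREROUTING lives in the nat table.
-A PREROUTING -d $front -p tcp --dport $port -j DNAT --to-destination $backend
# Rewrite the source so the backend replies to the relay whatever its own
# default route is. The backend then logs $front as the peer, not the client.
-A POSTROUTING -d $backend -p tcp --dport $port -j SNAT --to-source $front
COMMIT
*filter
# DNAT has already happened when FORWARD runs, so match the backend address.
-A FORWARD -d $backend -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A FORWARD -s $backend -p tcp --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the thread's addresses. To load it on the relay (root):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_relay_rules 10.1.1.1 192.168.1.1 22 | iptables-restore --noflush
gen_relay_rules 10.1.1.1 192.168.1.1 22
```

Without the POSTROUTING rule the backend answers the client's real address, so the connection only completes when the backend's route back to the client passes through the relay.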
* RE: Traffic Reflecting / Redirecting
@ 2003-04-04 1:31 Andrew Brink
0 siblings, 0 replies; 5+ messages in thread
From: Andrew Brink @ 2003-04-04 1:31 UTC (permalink / raw)
To: Daniel Chemko, netfilter
I tried this, but for some reason it did not work; I was unable to ssh
in...
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Traffic Reflecting / Redirecting
@ 2003-04-04 3:48 Rio Martin.
0 siblings, 0 replies; 5+ messages in thread
From: Rio Martin. @ 2003-04-04 3:48 UTC (permalink / raw)
To: netfilter
> Are you sure?
> I tried just as Daniel said, and it worked.
> Perhaps you should check, is there any firewall in both servers blocking
> your packet to port 22?
>
> Regards,
> Rio Martin.
^ permalink raw reply [flat|nested] 5+ messages in thread