From: "Rio Martin." <rio@martin.mu>
To: netfilter@lists.netfilter.org
Subject: Re: Traffic Reflecting / Redirecting
Date: Fri, 4 Apr 2003 10:48:26 +0700
Message-ID: <004001c2fa5d$146c2750$6401a8c0@server>
> Are you sure?
> I tried just as Daniel said, and it worked.
> Perhaps you should check, is there any firewall on both servers blocking your
> packet to port 22?
>
> Regards,
> Rio Martin.
>
>
> ----- Original Message -----
> From: "Andrew Brink" <abrink@netstandard.net>
> To: "Daniel Chemko" <dchemko@smgtec.com>; <netfilter@lists.netfilter.org>
> Sent: Friday, April 04, 2003 8:31 AM
> Subject: RE: Traffic Reflecting / Redirecting
>
>
> I tried this, but for some reason it did not work, I was unable to ssh
> in...
>
> -----Original Message-----
> From: Daniel Chemko [mailto:dchemko@smgtec.com]
> Sent: Thursday, April 03, 2003 4:48 PM
> To: Andrew Brink; netfilter@lists.netfilter.org
> Subject: RE: Traffic Reflecting / Redirecting
>
>
> If you have a single entry point and a single IP address, this is a
> non-issue.
>
> iptables -t nat -A PREROUTING -j DNAT -p tcp --destination-port 22 \
>   --destination 10.1.1.1 --to-destination 192.168.1.1
>
> If you have multiple gateways that a PC can use to get out of a network,
> there is no guarantee that the return packet will take the correct path
> back through 10.1.1.1. In this case I don't believe there is a way to
> accomplish this with total transparency.
>
> You can use an SNAT rule to make 192.168.1.1 see the middle party, but
> the originating host would still be unknowing of any NAT occurrences.
>
> Hope this helps.
>
> -----Original Message-----
> From: Andrew Brink [mailto:abrink@netstandard.net]
> Sent: Thursday, April 03, 2003 1:36 PM
> To: netfilter@lists.netfilter.org
> Subject: Traffic Reflecting / Redirecting
>
> All -
>
> I am trying to set up a box that can reflect traffic to another box
> transparently.
>
> An Example would be: Initiate a ssh connection to 10.1.1.1, 10.1.1.1
> then sends this packet to 192.168.1.1, then the return path must also go
> through 10.1.1.1.
>
> The trick is getting this to work transparently, and over the internet,
> not a local network.
>
> Any thoughts or ideas would be helpful.
>
> Thanks.
>
> Andrew Brink, CCNA, WCSP
> NetStandard, Inc.
> 913-262-3888
>
>
>
>
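Added example, not part of the thread or written by any of its participants: Daniel's DNAT rule and his SNAT suggestion put together as one rule set for the relay. It assumes the relay sends from the same address it receives on (10.1.1.1); the function names, the FORWARD rules and the LOG rule are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): print the relay's rule set for one TCP port.
# Addresses and port are the thread's; the FORWARD/LOG rules are assumptions.

is_ipv4() {  # dotted quad, each octet 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

is_port() {  # integer 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

reflect_rules() {  # usage: reflect_rules RELAY_IP BACKEND_IP PORT
    relay=$1 backend=$2 port=$3
    # Refuse anything that is not a plain address/port before it reaches a command line.
    is_ipv4 "$relay" && is_ipv4 "$backend" && is_port "$port" || {
        echo "reflect_rules: bad address or port" >&2; return 2; }
    # Rule 1 (DNAT): rewrite relay:port to the backend.
    # Rule 2 (SNAT): rewrite the source to the relay, so the backend's replies
    #   come back through the relay whatever other gateways exist.
    # Rule 3 (LOG): after SNAT the backend's logs show only the relay address,
    #   so the real client address has to be recorded here, before POSTROUTING.
    # Rules 4-5: forward this flow only, tracked by conntrack.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -d $relay --dport $port -j DNAT --to-destination $backend
iptables -t nat -A POSTROUTING -p tcp -d $backend --dport $port -j SNAT --to-source $relay
iptables -A FORWARD -p tcp -d $backend --dport $port -m conntrack --ctstate NEW -j LOG --log-prefix "reflect: "
iptables -A FORWARD -p tcp -d $backend --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -p tcp -s $backend --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}

# Dry run by default: print the rules. Set APPLY=1 (as root) to execute them.
if [ "${APPLY:-0}" = 1 ]; then
    reflect_rules 10.1.1.1 192.168.1.1 22 | sh -e
else
    reflect_rules 10.1.1.1 192.168.1.1 22
fi
```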