Linux Netfilter discussions
From: "Rio Martin." <rio@martin.mu>
To: netfilter@lists.netfilter.org
Subject: Re: Traffic Reflecting / Redirecting
Date: Fri, 4 Apr 2003 10:48:26 +0700
Message-ID: <004001c2fa5d$146c2750$6401a8c0@server>

> Are you sure?
> I tried just as Daniel said, and it worked.
> Perhaps you should check: is there any firewall on both servers blocking
> your packets to port 22?
>
> Regards,
> Rio Martin.
>
>
> ----- Original Message -----
> From: "Andrew Brink" <abrink@netstandard.net>
> To: "Daniel Chemko" <dchemko@smgtec.com>; <netfilter@lists.netfilter.org>
> Sent: Friday, April 04, 2003 8:31 AM
> Subject: RE: Traffic Reflecting / Redirecting
>
>
> I tried this, but for some reason it did not work, I was unable to ssh
> in...
>
> -----Original Message-----
> From: Daniel Chemko [mailto:dchemko@smgtec.com]
> Sent: Thursday, April 03, 2003 4:48 PM
> To: Andrew Brink; netfilter@lists.netfilter.org
> Subject: RE: Traffic Reflecting / Redirecting
>
>
> If you have a single entry point and a single IP address, this is a
> non-issue.
>
> iptables -t nat -A PREROUTING -j DNAT -p tcp --destination-port 22 \
>     --destination 10.1.1.1 --to-destination 192.168.1.1
>
> If you have multiple gateways that a PC can use to get out of a network,
> there is no guarantee that the return packet will take the correct path
> back through 10.1.1.1. In this case I don't believe there is a way to
> accomplish this with total transparency.
>
> You can use an SNAT rule to make 192.168.1.1 see the middle party, but
> the originating host would still be unknowing of any NAT occurrences.
>
> Hope this helps.
>
> -----Original Message-----
> From: Andrew Brink [mailto:abrink@netstandard.net]
> Sent: Thursday, April 03, 2003 1:36 PM
> To: netfilter@lists.netfilter.org
> Subject: Traffic Reflecting / Redirecting
>
> All -
>
> I am trying to set up a box that can reflect traffic to another box
> transparently.
>
> An example would be: initiate an ssh connection to 10.1.1.1; 10.1.1.1
> then sends this packet to 192.168.1.1, and the return path must also go
> through 10.1.1.1.
>
> The trick is getting this to work transparently, and over the internet,
> not a local network.
>
> Any thoughts or ideas would be helpful.
>
> Thanks.
>
> Andrew Brink, CCNA, WCSP
> NetStandard, Inc.
> 913-262-3888
>
>
>
>
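
The DNAT rule and the SNAT suggestion quoted above, combined into one rule set together with the forwarding and filter rules they depend on. This is an added example, not part of the thread or any poster's configuration. The helper names `run`, `valid_ipv4` and `reflector_rules` and the `APPLY` switch are assumptions made here; the addresses are the thread's own, and the backend is assumed to have a route back to the front address.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: each command is
# printed. Run as root with APPLY=1 to execute them instead.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# reflector_rules FRONT BACKEND PORT
#   FRONT   address on this box that clients connect to (10.1.1.1 in the thread)
#   BACKEND real server (192.168.1.1 in the thread)
reflector_rules() {
    front=$1 backend=$2 port=$3
    valid_ipv4 "$front" && valid_ipv4 "$backend" || { echo "bad address" >&2; return 2; }
    case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "bad port" >&2; return 2; }

    # Without forwarding the rewritten packet is never routed to BACKEND.
    run sysctl -w net.ipv4.ip_forward=1
    # DNAT lives in the nat table's PREROUTING chain, hence -t nat.
    run iptables -t nat -A PREROUTING -p tcp -d "$front" --dport "$port" \
        -j DNAT --to-destination "$backend"
    # SNAT makes BACKEND reply to this box, so the return path cannot bypass it.
    run iptables -t nat -A POSTROUTING -p tcp -d "$backend" --dport "$port" \
        -j SNAT --to-source "$front"
    # The filter table must also let the forwarded flow through both ways.
    run iptables -A FORWARD -p tcp -d "$backend" --dport "$port" -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

reflector_rules 10.1.1.1 192.168.1.1 22
```

With the SNAT rule in place, logs and source-based access rules on 192.168.1.1 see 10.1.1.1 rather than the real client address.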


