[ale] Port forwarding
JK
jknapka at kneuro.net
Thu Oct 29 12:17:58 EDT 2009
Atlanta Geek wrote:
> Machine A is a client
> Machine B is a router
> Machine C is a server/host
>
> If we forward port 23 (for example) on a router to a server (C), for
> example, does the router need to be the server's gateway?
> On server C does it look like traffic is coming from the router (B) or
> the original client machine (A)?
>
Depends on how you do it.
1) Use iptables rules (untested, but something really similar to this will work):

    # Rewrite the destination of A's connections to B:23 so they go to C
    iptables -t nat -I PREROUTING -s Machine_A -d Machine_B -p tcp --dport 23 -j DNAT --to-destination Machine_C
    # Rewrite the source of the forwarded packets so C replies to B
    iptables -t nat -I POSTROUTING -s Machine_A -d Machine_C -p tcp --dport 23 -j SNAT --to-source Machine_B

Here the SNAT rule ensures that forwarded traffic appears to come from Machine B. (You should use IP
addrs in place of the machine names.)

2) Use a port-forwarding tool such as netcat:

On Machine B:

    nc -l -p 23 -c "nc Machine_C 23"

(note, this will hang up after the first connection, so some additional script-fu is needed to make
it really useful).

In this case, nc maintains two separate connections, one between Machine A and Machine B, and
another between Machine B and Machine C, and shovels data between them. So no routing issues. There
are other tools (like socat: http://directory.fsf.org/project/socat/ ) that do the same job a bit
more nicely.
-- JK