
Re: port forwarding question



Maybe you can use masquerading to accomplish your task. Something like:

iptables -t nat -A POSTROUTING -d <ip of B> -j MASQUERADE

This way, B should think A is the source. I haven't tested this, though -
just a thought.

HTH,
Thomas

"Peter A. Felvegi" <felvegip@drmatrixbank.hu> wrote in message
news:Pine.LNX.4.43.0310281312410.13095-100000@www.drmatrixbank.hu...
> hello all,
>
>  there are two boxes, A and B. is it possible to set up the firewalls and
> port forwarding on them that a port on A is forwarded to B, but one can
> not connect to B directly? both machines have direct inet connection.
>  the whole point should be to have the users think that they connect to A,
> but in practice they connect to B. they shouldn't discover the trick, so
> direct connections to B are forbidden. btw, is it possible to detect port
> forwarding by watching the traffic?
>  i can do the port forwarding part w/ iptables prerouting, but currently
> i'm not able to restrict the access to B. if C (the client) connects to
> A, it is forwarded and B sees the source ip C. filtering out C in the fw
> rules of B will forbid both the direct and the indirect (through A)
> connection. is there a solution?
>
> thanks, p
>
>
>
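
The setup discussed in this thread, written out as an added example that is not part of either post: A forwards one port to B and masquerades the source, so B can accept that port from A only. The addresses, the port, and the `run`, `rules_for_a` and `rules_for_b` helpers are constructed placeholders, and A is assumed to have a single public interface so that MASQUERADE picks A's address. The script only prints the rules unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: dry-run generator for the rule sets on A and B.
# All addresses and the port are constructed placeholders (RFC 5737 ranges).
A_IP="192.0.2.10"      # public address of A (assumed)
B_IP="198.51.100.20"   # public address of B (assumed)
PORT="80"              # forwarded TCP port (assumed)

# Print each command; execute it only when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Rules for A: redirect the port to B and rewrite the source address.
rules_for_a() {
    run sysctl -w net.ipv4.ip_forward=1
    # Forwarding part from the question: rewrite the destination to B.
    run iptables -t nat -A PREROUTING -p tcp -d "$A_IP" --dport "$PORT" \
        -j DNAT --to-destination "$B_IP:$PORT"
    # The reply's suggestion, narrowed to the forwarded port: B sees A as source.
    run iptables -t nat -A POSTROUTING -p tcp -d "$B_IP" --dport "$PORT" \
        -j MASQUERADE
    # Let the forwarded flow and its replies through A's FORWARD chain.
    run iptables -A FORWARD -p tcp -d "$B_IP" --dport "$PORT" -j ACCEPT
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Rules for B: accept the service port only from A, drop everyone else.
# Because A masquerades, every forwarded client arrives with source A_IP,
# so this no longer blocks the indirect path the way filtering on C did.
rules_for_b() {
    run iptables -A INPUT -p tcp -s "$A_IP" --dport "$PORT" -j ACCEPT
    run iptables -A INPUT -p tcp --dport "$PORT" -j DROP
}

echo "# on A:"; rules_for_a
echo "# on B:"; rules_for_b
```

With these rules B's logs show A as the source of every forwarded connection, so the real client addresses are only visible on A.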




