
Re: port forwarding question

Maybe you can use masquerading to accomplish your task. Something like:

iptables -t nat -A POSTROUTING -d <ip of B> -j MASQUERADE

This way, B should think A is the source. I haven't tested this, though -
just a thought.


"Peter A. Felvegi" <felvegip@drmatrixbank.hu> wrote in message
> hello all,
>  there are two boxes, A and B. is it possible to set up the firewalls and
> port forwarding on them that a port on A is forwarded to B, but one can
> not connect to B directly? both machines have direct inet connection.
>  the whole point should be to have the users think that they connect to A,
> but in practice they connect to B. they shouldn't discover the trick, so
> direct connections to B are forbidden. btw, is it possible to detect port
> forwarding by watching the traffic?
>  i can do the port forwarding part w/ iptables prerouting, but currently
> i'm not able to restrict the access to B. if C (the client) connects to
> A, it is forwarded and B sees the source ip C. filtering out C in the fw
> rules of B will forbid both the direct and the indirect (through A)
> connection. is there a solution?
> thanks, p
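
The setup discussed in this thread, written out for both hosts as an added example (it is not part of either post): A forwards the port and masquerades, so B can accept the port from A only. The script only prints the rules; the addresses, the port and the function names are constructed, and it assumes TCP and that A's outgoing interface carries A's address.

```shell
#!/bin/sh
# Added example: prints (does not apply) the iptables rules for both hosts.
# Function names, addresses and port are constructed for illustration.

# Rules for A: forward the port to B and rewrite the source to A's address.
# MASQUERADE uses the address of A's outgoing interface (assumed to be A_IP).
rules_for_a() {  # args: A_IP B_IP PORT
    a_ip=$1; b_ip=$2; port=$3
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d $a_ip -p tcp --dport $port -j DNAT --to-destination $b_ip:$port
iptables -t nat -A POSTROUTING -d $b_ip -p tcp --dport $port -j MASQUERADE
iptables -A FORWARD -d $b_ip -p tcp --dport $port -j ACCEPT
iptables -A FORWARD -s $b_ip -p tcp --sport $port -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Rules for B: accept the service port only from A, drop everyone else.
# Order matters: the ACCEPT for A must come before the DROP.
rules_for_b() {  # args: A_IP PORT
    a_ip=$1; port=$2
    cat <<EOF
iptables -A INPUT -s $a_ip -p tcp --dport $port -j ACCEPT
iptables -A INPUT -p tcp --dport $port -j DROP
EOF
}

# Sanity check so a typo in the port does not end up in a ruleset.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

A_IP=192.0.2.10      # constructed address for A
B_IP=198.51.100.20   # constructed address for B
PORT=8080            # constructed service port

valid_port "$PORT" || { echo "bad port: $PORT" >&2; exit 1; }
echo "# run on A:"; rules_for_a "$A_IP" "$B_IP" "$PORT"
echo "# run on B:"; rules_for_b "$A_IP" "$PORT"
```

With the MASQUERADE rule in place B sees every forwarded connection as coming from A, so B's own logs no longer show the real client address.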
