Re: port forwarding question
Maybe you can use masquerading to accomplish your task. Something like:
iptables -t nat -A POSTROUTING -d <ip of B> -j MASQUERADE
This way, B should think A is the source. I haven't tested this, though -
just a thought.
"Peter A. Felvegi" <firstname.lastname@example.org> wrote in message
> hello all,
> there are two boxes, A and B. is it possible to set up the firewalls and
> port forwarding on them that a port on A is forwarded to B, but one can
> not connect to B directly? both machines have direct inet connection.
> the whole point should be to have the users think that they connect to A,
> but in practice they connect to B. they shouldn't discover the trick, so
> direct connections to B are forbidden. btw, is it possible to detect port
> forwarding by watching the traffic?
> i can do the port forwarding part w/ iptables prerouting, but currently
> i'm not able to restrict the access to B. if C (the client) connects to
> A, it is forwarded and B sees the source ip C. filtering out C in the fw
> rules of B will forbid both the direct and the indirect (through A)
> connection. is there a solution?
> thanks, p
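
The setup discussed in this thread, as an added example that is not part of the original posts: the PREROUTING forward on A combined with the MASQUERADE rule suggested in the reply, plus a filter on B that accepts the port only from A. The addresses (documentation range), the port and the helper names `rules_for_a` / `rules_for_b` are assumptions; the script only prints the rules so they can be reviewed before being applied as root on each box.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for the A -> B forward.
# A_IP, B_IP and PORT are constructed sample values, not from the thread.
A_IP="192.0.2.10"
B_IP="192.0.2.20"
PORT="8080"

# Refuse anything that is not dotted-quad shaped or a valid port number
# before it ends up inside a rule.
valid_ip() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Rules for A: rewrite the destination to B (DNAT), then rewrite the source
# to A (MASQUERADE) so that B only ever sees A as the peer.
rules_for_a() {  # args: a_ip b_ip port
    valid_ip "$1" && valid_ip "$2" && valid_port "$3" || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -p tcp -d $1 --dport $3 -j DNAT --to-destination $2:$3
iptables -t nat -A POSTROUTING -p tcp -d $2 --dport $3 -j MASQUERADE
iptables -A FORWARD -p tcp -d $2 --dport $3 -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Rules for B: accept the service port only from A, drop every other source.
rules_for_b() {  # args: a_ip port
    valid_ip "$1" && valid_port "$2" || return 1
    cat <<EOF
iptables -A INPUT -p tcp -s $1 --dport $2 -j ACCEPT
iptables -A INPUT -p tcp --dport $2 -j DROP
EOF
}

echo "# on A:"; rules_for_a "$A_IP" "$B_IP" "$PORT"
echo "# on B:"; rules_for_b "$A_IP" "$PORT"
```

With the source rewritten on A, B's logs record A as the peer for every connection; the real client address is only visible on A.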