[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: man-in-the-middle

On Thursday 07 October 2004 13:20, Hans du Plooy wrote:
> On Thursday 07 October 2004 23:03, Lord-Storm wrote:
> > I belive you want it to act as a router?
> Yes, basically.  The routing isn't so much the problem, but making the box
> in the middle look like the "other" box to either windows boxes is what I'm
> stuck at.   My iptables and routing skills aren't very good though.

Can you elaborate more on the network setup ?  I'm confused; if the machines 
are on the same subnet, you can't prevent them from talking to each other 
directly. If they're not, there is a router somewhere, and adding your box 
will certainly complicate the setup, both for you and for the router-person.
Also, does your box in the middle have one or two NICs ?

If the scenario is this: The boxes are now linked together but will be 
separate eventually, then the solution would be this: Put your box in 
between, give the NIC connected to box A the IP of box B, and vice versa. 
Then you can bridge (or route) between them.  
Another possibility might be, on the side that is connected to the LAN, run 
proxy-arp for the one box that is (alone) on the other side of the box.

The thing is, if you just bridge everything, there is little use, is there. 
The real question is _why_ do you need the box in the middle.  If all it 
should look like to the boxen is just thin air, I don't see what (legal) 
purpose that box would serve. Is it for protection ? Monitoring ?

On that note: Do boxes A and C know that there is something in between them ? 
I know you said you couldn't change anything on them, but that leaves the 
question open as to awareness... Some tricks are less obvious than others.   


> > or use squid?
> It's not for web traffic.  It's software running on the two windows macines
> that has to communicate through each other but not directly.  (the what
> exactly and why I don't know unfortunately)
> Can squid forward any type of connection on any port transparently?
> Thanks
> --
> Kind regards
> Hans du Plooy
> Newington Consulting Services
> hansdp at newingtoncs dot co dot za

Linux: Because rebooting is for adding hardware.

Reply to: