Re: man-in-the-middle
On Thu, 07.10.2004 at 12:21, Hans du Plooy wrote:
> Hi guys,
>
> I need to drop a box in between two public services (windows boxen), that will
> route traffic between the two. They *can* see each other directly, but are
> not allowed to (for reasons beyond my control). So far so good, except for
> one thing. It looks like this:
>
> A (win) ----------------------- B (lin) ------------------------ C (win)
>
Put A and C on different subnets.
Let B do the routing between the subnets.
Use NAT (network address translation) in order to make A believe it is
talking to C. Do whatever you please with the traffic on B (e.g. port
forwarding to C).
> What should happen is that A will contact B (on B's IP) thinking that it is
> the windows PC. And vice-versa. C will contact B (on B's IP) thinking it is
> A. So NATing both ways. Any traffic arriving at A sent from C will look to
> A as if it's coming from B, and vice versa. I hope that's clear enough.
>
> B has two interfaces, and I have no access to A or C - can't change anything
> on them. Let's say the IPs are:
> A = 60.60.60.60
> B = 70.70.70.1 and 70.70.70.2
> C = 80.80.80.80
>
> I've been reading loads of iptables docs, most of Rusty Russell's stuff too but
> it's confusing me more. From what he writes it almost looks like I'll need
> more than one machine in between, which is also out of the question (rackspace
> costs money).
>
> Any suggestions will be appreciated!
>
> Thanks
> --
> Kind regards
> Hans du Plooy
> Newington Consulting Services
> hansdp at newingtoncs dot co dot za
--
Juergen Lueters
Expert for information processing systems and applications,
publicly appointed and sworn in by the Handelskammer Bremen
Intranet Engineering GmbH Fahrenheitstr. 1, D-28359 Bremen
Tel: +49-421-2208-171 E-Mail:jlueters@intranet-engineering.de
web: www.intranet-engineering.de www.sv.lueters.de
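
Added example, not part of the original messages: a shell sketch that prints an iptables-restore rule set for the two-way NAT on B discussed in this thread, using the addresses Hans gave. It assumes 70.70.70.1 is the address A connects to and 70.70.70.2 the one C connects to (the thread does not say which is which); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: print an iptables-restore rule set for two-way NAT on B.

# Accept only dotted-quad IPv4 so nothing else can end up in a rule line.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# gen_rules A B_FOR_A B_FOR_C C
#   B_FOR_A: address on B that A connects to (assumed 70.70.70.1)
#   B_FOR_C: address on B that C connects to (assumed 70.70.70.2)
gen_rules() {
    [ $# -eq 4 ] || { echo "usage: gen_rules A B_FOR_A B_FOR_C C" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    cat <<EOF
*nat
# New connections A -> B are redirected to C; C sees B as the sender.
-A PREROUTING -s $1 -d $2 -j DNAT --to-destination $4
-A POSTROUTING -s $1 -d $4 -j SNAT --to-source $3
# New connections C -> B are redirected to A; A sees B as the sender.
-A PREROUTING -s $4 -d $3 -j DNAT --to-destination $1
-A POSTROUTING -s $4 -d $1 -j SNAT --to-source $2
COMMIT
*filter
# Forward only the two translated flows and their replies.
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $1 -d $4 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -s $4 -d $1 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Run with four addresses to print the rules; nothing is applied here.
if [ $# -gt 0 ]; then gen_rules "$@"; fi
```

Review the output before piping it to `iptables-restore` as root on B: loading it replaces B's existing nat and filter tables, and forwarding also needs `net.ipv4.ip_forward=1`.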