[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: man-in-the-middle

Am Do, den 07.10.2004 schrieb Hans du Plooy um 12:21:
> Hi guys,
> I need to drop a box inbetween two public services (windows boxen), that will 
> route traffic between the two.   They *can* see each other directly, but are 
> not allowed to (for reasons beyond my control).   So far so good, except for 
> one thing.  It looks like this:
> A (win)  -----------------------  B (lin) ------------------------  C (win)
Put A and C on different subnets.
Let B do the routing between the subnets.
Use NAT (network address translation) in order to make A believe it is
talking to C. Do whatever you please with the traffic on B ( e.g. port
forwarding to C).
> What should happen is that A will contact B (on B's IP) thinking that it is 
> the windows PC.  And vice-versa.  C will contact B (on B's IP) thinking it is 
> A.  So NATing both ways.   Any traffic arriving at A sent from C will look to 
> A as if it's coming from B, and vice versa.   I hope that's clear enough.
> B has two interfaces, and I have no access to  A or C - can't change anything 
> on them.  Let's say the IPs are:
> A =
> B = and
> C =
> I've been reading loads of iptables docs, most of Rusty Russel's stuff too but 
> it's confusing me more.  From what he writes it almost looks like I'll need 
> more than one machine inbetween, which is also out of the question (rackspace 
> costs money).
> Any suggestions will be appreciated!
> Thanks 
> -- 
> Kind regards
> Hans du Plooy
> Newington Consulting Services
> hansdp at newingtoncs dot co dot za
Juergen Lueters
Von der Handelskammer Bremen oeffentlich bestellter und vereidigter
Sachverstaendiger fuer Systeme und Anwendungen der Informationsverarbeitung
Intranet Engineering GmbH	 Fahrenheitstr. 1, D-28359 Bremen
Tel: +49-421-2208-171		 E-Mail:jlueters@intranet-engineering.de
web: www.intranet-engineering.de www.sv.lueters.de

Reply to: