
Re: IP forwarding?



I'll let you know!

----- Original Message ----- 
From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>
To: <debian-isp@lists.debian.org>
Sent: Thursday, March 31, 2005 4:25 PM
Subject: Re: IP forwarding?


> On Wednesday 30 March 2005 17:07, Jason Lim wrote:
> > ----- Original Message -----
> > From: "Alexandros Papadopoulos" <apapadop@alumni.cmu.edu>
> <snip>
> > > On Wednesday 30 March 2005 10:28, Jason Lim wrote:
> > > <snip>
> > >
> > > > I basically have 2 networks, each with 32 IPs.
> > > >
> > > > Say the first network is 1.2.3.1-32
> > > > and the second network is 5.6.7.1-32
> > > >
> > > > Is there a way to make it so requests for 1.2.3.1 go to 5.6.7.1,
> > > > and 1.2.3.2 go to 5.6.7.2, so basically map 1.2.3.1-32 to go to
> > > > 5.6.7.1-32?
> > >
> > > So you need the following:
> > >
> > > * The gateway that will receive packets destined to 1.2.3.0/32 to
> > > have a route to the 5.6.7.0/32 network.
> > > * The gateway running iptables rules that will forward any request
> > > to 1.2.3.[1-32] to 5.6.7.[1-32] and of course fiddle with the
> > > source address of reply packets to make it work.
> > >
> > > The former is pretty simple, route add blah blah. The latter can be
> > > done with iptables as described here:
> >
> > http://www.linuxsecurity.com/resource_files/firewalls/IPTables-Tutorial/iptables-tutorial.html#DNATTARGET
> >
> > > I'm not sure if you can use DNAT rules for subnets, or you need to
> > > do it on a host-by-host basis. Worst case scenario, you'd end up
> > > with 32 rules.
> > >
> > > Are you sure you can't get around this with updated DNS records?
> > >
> > > -A
> >
> > Thanks Alexandros!
> >
> > I cannot do this with DNS records because some of the visitors use
> > hardcoded IPs rather than domains or hostnames (yes, bad design, but
> > too late to change it now).
> >
> > The question I have tho... for the servers at 5.6.7.[1-32], if a
> > client computer visits the corresponding IP at 1.2.3.[1-32], it would
> > show only 5.6.7.[1-32] and not the actual client computer/website
> > visitor, right?
>
> I'm not sure what you mean here. Are you worried that e.g. a web server
> in your 5.6.7.x subnet will not record the real IP of the visitor in
> its logs, and instead record 1.2.3.x addresses as the originating IPs?
>
> DNAT will not do that, I think. It should preserve the original (client)
> IP in the packet that gets forwarded to the 5.6.7.x network. Not sure
> though - let us know when you try it out.
>
> -A
>
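
The per-host DNAT mapping discussed in the thread, as an added example that is not part of any poster's message: a generator for an iptables-restore ruleset with one rule per address. The function name `gen_dnat_rules` is hypothetical, the prefixes 1.2.3 and 5.6.7 are the thread's placeholders, and it assumes the gateway has net.ipv4.ip_forward=1 and that the 5.6.7.x servers route their replies back through the gateway.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore "nat" table
# that maps OLD.N one-to-one onto NEW.N for N in FIRST..LAST.

gen_dnat_rules() {
    old=$1 new=$2 first=$3 last=$4

    # Host octets must be plain integers, within 1..254, and not inverted.
    for v in "$first" "$last"; do
        case $v in
            ''|*[!0-9]*) echo "range bounds must be integers" >&2; return 1 ;;
        esac
    done
    if [ "$first" -lt 1 ] || [ "$last" -gt 254 ] || [ "$first" -gt "$last" ]; then
        echo "range must satisfy 1 <= FIRST <= LAST <= 254" >&2
        return 1
    fi

    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    n=$first
    while [ "$n" -le "$last" ]; do
        # DNAT rewrites only the destination address. No SNAT or MASQUERADE
        # rule is emitted, so the packet reaching NEW.N still carries the
        # client's source address; connection tracking on the gateway
        # reverses the rewrite on replies that pass back through it.
        echo "-A PREROUTING -d $old.$n/32 -j DNAT --to-destination $new.$n"
        n=$((n + 1))
    done
    echo "COMMIT"
}

# Preview the ruleset for the thread's placeholder networks. After review it
# can be loaded on the gateway with: iptables-restore -n < rules.txt
gen_dnat_rules 1.2.3 5.6.7 1 32
```
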


