300 lines
11 KiB
HTML
300 lines
11 KiB
HTML
<!--startcut ======================================================= -->
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
|
|
<html>
|
|
<head>
|
|
<META NAME="generator" CONTENT="lgazmail v1.2M.j">
|
|
<TITLE>The Answer Guy 44: more on: TCP/IP Port Relaying</TITLE>
|
|
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
|
|
LINK="#3366FF" VLINK="#A000A0">
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
|
|
<P> <hr> <P>
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<center>
|
|
<H1><A NAME="answer">
|
|
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
|
|
border="0" align="middle">
|
|
<font color="#B03060">The Answer Guy</font>
|
|
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
|
|
border="0" align="middle">
|
|
</A></H1>
|
|
<BR>
|
|
<H4>By James T. Dennis,
|
|
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
|
|
LinuxCare,
|
|
<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A>
|
|
</H4>
|
|
</center>
|
|
|
|
<p><hr><p>
|
|
<!-- endcut ======================================================= -->
|
|
<!-- begin 13 -->
|
|
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
|
|
height="50" width="60" alt="(?) " border="0"
|
|
>TCP/IP Port Relaying</H3>
|
|
|
|
|
|
<p><strong>From Lawrence Tung on Sun, 04 Jul 1999
|
|
</strong></p>
|
|
<!-- ::
|
|
TCP/IP Port Relaying
|
|
~~~~~~~~~~~~~~~~~~~~
|
|
:: -->
|
|
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
Hi, Jim:
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
I have only one registered IP address (let say 24.1.2.3) and I have a server
|
|
that run as a firewall and use IP masquerade to serve a couple of other
|
|
workstations (by using private 192.168.x.x).
|
|
</STRONG></P>
|
|
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
You're using IP masquerading to allow some of your
|
|
client systems access to another network (presumably
|
|
the Internet).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The phrase "serve a couple of other workstations" is
|
|
confusing. You normally can't access a server on
|
|
a private net through a masquerading router.
|
|
</BLOCKQUOTE>
|
|
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
Now, I want to use net2phone to connect to my workstations but the
|
|
workstation is using 192.168.x.x address. Is there a way (or any package)
|
|
that can accept listen to the server machine for a particular port and
|
|
forward the request to a particular port on the workstations.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
Let say:
|
|
</STRONG></P>
|
|
<Pre><STRONG>
|
|
listen to: 24.1.2.3:2000 forward to: 192.168.0.1:2000
|
|
listen to: 24.1.2.3:2001 forward to: 192.168.0.2:2000
|
|
</STRONG></Pre>
|
|
<P><STRONG>
|
|
I've tried to use ipfwadm but it doesn't work. Any idea? Or maybe I must
|
|
have typed the ipfwadm command incorrectly.
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
Thanks.
|
|
<br>Lawrence
|
|
</STRONG></P>
|
|
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
I've never heard of net2phone.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
I guess you were thinking about using ipfwadm's -r
|
|
(relay) option. However you can't do it quite as
|
|
you expected. What this allows you to do is to relay
|
|
packets that match a given packet pattern to a socket on
|
|
the localhost.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
So you might be able to use a command like:
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><BlockQuote><Code>
|
|
ipfwadm -I -a acc -r 12345 -D 24.1.2.3 2000
|
|
</Code></BlockQuote></BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
... with another command like '<tt>redir</tt>' (Freshmeat URL:
|
|
<A HREF="http://www.freshmeat.net/appindex/1999/03/14/921462694.html"
|
|
>http://www.freshmeat.net/appindex/1999/03/14/921462694.html</A>)
|
|
like:
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><BlockQuote><Code>
|
|
redir --lport=12345 --caddr=192.168.0.1 --cport=2000
|
|
</Code></BlockQuote></BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The first command (issued on your Linux router/gateway ---
|
|
the one doing the IP Masquerading) will accept traffic
|
|
on port 2000 of your "real address" and redirect it to
|
|
12345 (any arbitrary port you've chosen). The other
|
|
command (also executed on the same system as the first)
|
|
will listen on localhost port 12345 and make a
|
|
relay connection to 192.168.0.1 on port 2000. It will
|
|
also automatically relay back any responses.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
This is basically what programs like the TIS FWTK plug-gw
|
|
(Firewall Toolkit, originally by TIS --- Trusted Information
|
|
System Inc, now owned by NAI, Network Associates, Inc) and
|
|
other proxy tools do.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Of course you don't actually need to use the ipfwadm
|
|
command in your case. You could just use:
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><BlockQuote><code>
|
|
redir --lport=2000 --caddr=192.168.0.1 --cport=2000
|
|
<br>redir --lport=2001 --caddr=192.168.0.2 --cport=2001
|
|
</code></BlockQuote></BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
In fact there are several free utilities that do
|
|
this. Another is simply called 'proxy' (Freshmeat URL:
|
|
<A HREF="http://www.freshmeat.net/appindex/1999/04/21/924706079.html"
|
|
>http://www.freshmeat.net/appindex/1999/04/21/924706079.html</A>)
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
Of the two I just grabbed redir to write this answer
|
|
(though I'd been planning on playing with this sort of
|
|
thing for awhile anyway). I'm not particular found
|
|
of redir's command line style, but it does support
|
|
the TCP Wrappers library and it allows the option of
|
|
being launched through inetd and to set it's TCP
|
|
Wrappers name when its running standalone.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The '<tt>proxy</tt>' command includes its own filtering
|
|
parser (which doesn't seem to be as sophisticated as
|
|
the TCP Wrappers package and surely hasn't been
|
|
tested as extensively by as many netizens.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
The cases where you might might want to do this
|
|
ipfwadm redirection would be to "funnel" a bunch
|
|
of different destination addresses to one process.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
For example, you might want to force all of your
|
|
local systems to transparent get redirected to a
|
|
Squid web proxy any time they were access any
|
|
port 80 on any address out on the Internet.
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><blockquote><code>
|
|
ipfwadm -I -a acc -r 3128 -D 0.0.0.0/0 80
|
|
</code></blockquote></BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
... this will "catch" all traffic destined for
|
|
port 80 of anywhere and redirect it to your
|
|
router's port 3128. For a more detailed
|
|
discussion of this sort of usage look at the
|
|
SQUID FAQ: Transparent Caching/Proxying (section
|
|
17: <A HREF="http://squid.nlanr.net/Squid/FAQ/FAQ-17.html#ss17.2"
|
|
>http://squid.nlanr.net/Squid/FAQ/FAQ-17.html#ss17.2</A>).
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE>
|
|
There are obviously other ways you could use this.
|
|
</BLOCKQUOTE>
|
|
<!-- sig -->
|
|
|
|
<!-- end 13 -->
|
|
<P> <hr width="40%" align="center"> <P>
|
|
<!-- begin 12 -->
|
|
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
|
|
height="50" width="60" alt="(?) " border="0"
|
|
>more on: TCP/IP Port Relaying</H3>
|
|
|
|
<p><strong>From Lawrence Tung on Thu, 22 Jul 1999
|
|
</strong></p>
|
|
<!-- ::
|
|
more on: TCP/IP Port Relaying
|
|
~~~~~~~~~~~~~~~~~~~~
|
|
:: -->
|
|
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
Hi, Jim:
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
Thanks for your help. The "redir" works pretty good but I guess it only
|
|
support TCP but not UDP. Do you know any pacakage that support UDP too?
|
|
</STRONG></P>
|
|
<P><STRONG>
|
|
Lawrence
|
|
</STRONG></P>
|
|
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
|
|
HEIGHT="28" WIDTH="50" BORDER="0"
|
|
>
|
|
Look for udprelay at:
|
|
</BLOCKQUOTE>
|
|
<BLOCKQUOTE><DL><DT>
|
|
Metalab: Index of <TT>/pub/Linux/system/network/misc</TT>
|
|
<DD><A HREF="http://metalab.unc.edu/pub/Linux/system/network/misc"
|
|
>http://metalab.unc.edu/pub/Linux/system/network/misc</A>
|
|
</DL></BLOCKQUOTE>
|
|
<!-- sig -->
|
|
|
|
<!-- end 12 -->
|
|
<!--startcut ======================================================= -->
|
|
<P> <hr> <P>
|
|
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
|
|
>Copyright ©</a> 1999, James T. Dennis
|
|
<BR>Published in <I>The Linux Gazette</I> Issue 44 August 1999</H5>
|
|
<H6 ALIGN="center">HTML transformation by
|
|
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
|
|
Starshine Techinical Services,
|
|
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
|
|
</H6>
|
|
<P> <hr> <P>
|
|
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<TABLE WIDTH="98%"><TR VALIGN="center" ALIGN="center">
|
|
<TD ROWSPAN="2" COLSPAN="3" WIDTH="42%"><A
|
|
HREF="../lg_answer44.html"
|
|
><IMG SRC="../../gx/dennis/answernew.gif"
|
|
ALT="[ Answer Guy Index ]"></A></td>
|
|
<TD WIDTH="14%"><A HREF="1.html">1</A></TD>
|
|
<TD WIDTH="14%"><A HREF="4.html">4</A></TD>
|
|
<TD WIDTH="14%"><A HREF="7.html">7</A></TD>
|
|
<TD WIDTH="14%"><A HREF="9.html">9</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD WIDTH="14%"><A HREF="11.html">11</A></TD>
|
|
<TD WIDTH="14%"><A HREF="12.html">12</A></TD>
|
|
<TD WIDTH="14%"><A HREF="14.html">14</A></TD>
|
|
<TD WIDTH="14%"><A HREF="17.html">17</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD><A HREF="18.html">18</A></TD>
|
|
<TD><A HREF="19.html">19</A></TD>
|
|
<TD><A HREF="20.html">20</A></TD>
|
|
<TD><A HREF="21.html">21</A></TD>
|
|
<TD><A HREF="24.html">24</A></TD>
|
|
<TD><A HREF="25.html">25</A></TD>
|
|
<TD><A HREF="26.html">26</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD><A HREF="28.html">28</A></TD>
|
|
<TD><A HREF="29.html">29</A></TD>
|
|
<TD><A HREF="30.html">30</A></TD>
|
|
<TD><A HREF="31.html">31</A></TD>
|
|
<TD><A HREF="32.html">32</A></TD>
|
|
<TD><A HREF="33.html">33</A></TD>
|
|
<TD><A HREF="34.html">34</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD><A HREF="35.html">35</A></TD>
|
|
<TD><A HREF="36.html">36</A></TD>
|
|
<TD><A HREF="37.html">37</A></TD>
|
|
<TD><A HREF="38.html">38</A></TD>
|
|
<TD><A HREF="39.html">39</A></TD>
|
|
<TD><A HREF="40.html">40</A></TD>
|
|
<TD><A HREF="41.html">41</A></TD>
|
|
</TR><TR VALIGN="center" ALIGN="center">
|
|
<TD><A HREF="42.html">42</A></TD>
|
|
<TD><A HREF="43.html">43</A></TD>
|
|
<TD><A HREF="44.html">44</A></TD>
|
|
<TD><A HREF="45.html">45</A></TD>
|
|
<TD><A HREF="46.html">46</A></TD>
|
|
<TD><A HREF="47.html">47</A></TD>
|
|
<TD><A HREF="48.html">48</A></TD>
|
|
</TR></TABLE>
|
|
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
|
|
<P> <hr> <P>
|
|
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<A HREF="../index.html"
|
|
><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
|
|
<A HREF="/index.html"
|
|
><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
|
|
<A HREF="../lg_bytes44.html"
|
|
><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
|
|
<A HREF="../lg_tips44.html"
|
|
><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
|
|
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
|
|
</BODY></HTML>
|
|
<!--endcut ========================================================= -->
|