LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue44/tag/12.html

300 lines
11 KiB
HTML
Raw Permalink Blame History

<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html>
<head>
<META NAME="generator" CONTENT="lgazmail v1.2M.j">
<TITLE>The Answer Guy 44: more on: TCP/IP Port Relaying</TITLE>
</HEAD><BODY BGCOLOR="#FFFFFF" TEXT="#000000"
LINK="#3366FF" VLINK="#A000A0">
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H4>"The Linux Gazette...<I>making Linux just a little more fun!</I>"</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<center>
<H1><A NAME="answer">
<img src="../../gx/dennis/qbubble.gif" alt="(?)"
border="0" align="middle">
<font color="#B03060">The Answer Guy</font>
<img src="../../gx/dennis/bbubble.gif" alt="(!)"
border="0" align="middle">
</A></H1>
<BR>
<H4>By James T. Dennis,
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a><BR>
LinuxCare,
<A HREF="http://www.linuxcare.com/">http://www.linuxcare.com/</A>
</H4>
</center>
<p><hr><p>
<!-- endcut ======================================================= -->
<!-- begin 13 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>TCP/IP Port Relaying</H3>
<p><strong>From Lawrence Tung on Sun, 04 Jul 1999
</strong></p>
<!-- ::
TCP/IP Port Relaying
~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hi, Jim:
</STRONG></P>
<P><STRONG>
I have only one registered IP address (let say 24.1.2.3) and I have a server
that run as a firewall and use IP masquerade to serve a couple of other
workstations (by using private 192.168.x.x).
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
You're using IP masquerading to allow some of your
client systems access to another network (presumably
the Internet).
</BLOCKQUOTE>
<BLOCKQUOTE>
The phrase "serve a couple of other workstations" is
confusing. You normally can't access a server on
a private net through a masquerading router.
</BLOCKQUOTE>
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Now, I want to use net2phone to connect to my workstations but the
workstation is using 192.168.x.x address. Is there a way (or any package)
that can accept listen to the server machine for a particular port and
forward the request to a particular port on the workstations.
</STRONG></P>
<P><STRONG>
Let say:
</STRONG></P>
<Pre><STRONG>
listen to: 24.1.2.3:2000 forward to: 192.168.0.1:2000
listen to: 24.1.2.3:2001 forward to: 192.168.0.2:2000
</STRONG></Pre>
<P><STRONG>
I've tried to use ipfwadm but it doesn't work. Any idea? Or maybe I must
have typed the ipfwadm command incorrectly.
</STRONG></P>
<P><STRONG>
Thanks.
<br>Lawrence
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
I've never heard of net2phone.
</BLOCKQUOTE>
<BLOCKQUOTE>
I guess you were thinking about using ipfwadm's -r
(relay) option. However you can't do it quite as
you expected. What this allows you to do is to relay
packets that match a given packet pattern to a socket on
the localhost.
</BLOCKQUOTE>
<BLOCKQUOTE>
So you might be able to use a command like:
</BLOCKQUOTE>
<BLOCKQUOTE><BlockQuote><Code>
ipfwadm -I -a acc -r 12345 -D 24.1.2.3 2000
</Code></BlockQuote></BLOCKQUOTE>
<BLOCKQUOTE>
... with another command like '<tt>redir</tt>' (Freshmeat URL:
<A HREF="http://www.freshmeat.net/appindex/1999/03/14/921462694.html"
>http://www.freshmeat.net/appindex/1999/03/14/921462694.html</A>)
like:
</BLOCKQUOTE>
<BLOCKQUOTE><BlockQuote><Code>
redir --lport=12345 --caddr=192.168.0.1 --cport=2000
</Code></BlockQuote></BLOCKQUOTE>
<BLOCKQUOTE>
The first command (issued on your Linux router/gateway ---
the one doing the IP Masquerading) will accept traffic
on port 2000 of your "real address" and redirect it to
12345 (any arbitrary port you've chosen). The other
command (also executed on the same system as the first)
will listen on localhost port 12345 and make a
relay connection to 192.168.0.1 on port 2000. It will
also automatically relay back any responses.
</BLOCKQUOTE>
<BLOCKQUOTE>
This is basically what programs like the TIS FWTK plug-gw
(Firewall Toolkit, originally by TIS --- Trusted Information
System Inc, now owned by NAI, Network Associates, Inc) and
other proxy tools do.
</BLOCKQUOTE>
<BLOCKQUOTE>
Of course you don't actually need to use the ipfwadm
command in your case. You could just use:
</BLOCKQUOTE>
<BLOCKQUOTE><BlockQuote><code>
redir --lport=2000 --caddr=192.168.0.1 --cport=2000
<br>redir --lport=2001 --caddr=192.168.0.2 --cport=2001
</code></BlockQuote></BLOCKQUOTE>
<BLOCKQUOTE>
In fact there are several free utilities that do
this. Another is simply called 'proxy' (Freshmeat URL:
<A HREF="http://www.freshmeat.net/appindex/1999/04/21/924706079.html"
>http://www.freshmeat.net/appindex/1999/04/21/924706079.html</A>)
</BLOCKQUOTE>
<BLOCKQUOTE>
Of the two I just grabbed redir to write this answer
(though I'd been planning on playing with this sort of
thing for awhile anyway). I'm not particular found
of redir's command line style, but it does support
the TCP Wrappers library and it allows the option of
being launched through inetd and to set it's TCP
Wrappers name when its running standalone.
</BLOCKQUOTE>
<BLOCKQUOTE>
The '<tt>proxy</tt>' command includes its own filtering
parser (which doesn't seem to be as sophisticated as
the TCP Wrappers package and surely hasn't been
tested as extensively by as many netizens.
</BLOCKQUOTE>
<BLOCKQUOTE>
The cases where you might might want to do this
ipfwadm redirection would be to "funnel" a bunch
of different destination addresses to one process.
</BLOCKQUOTE>
<BLOCKQUOTE>
For example, you might want to force all of your
local systems to transparent get redirected to a
Squid web proxy any time they were access any
port 80 on any address out on the Internet.
</BLOCKQUOTE>
<BLOCKQUOTE><blockquote><code>
ipfwadm -I -a acc -r 3128 -D 0.0.0.0/0 80
</code></blockquote></BLOCKQUOTE>
<BLOCKQUOTE>
... this will "catch" all traffic destined for
port 80 of anywhere and redirect it to your
router's port 3128. For a more detailed
discussion of this sort of usage look at the
SQUID FAQ: Transparent Caching/Proxying (section
17: <A HREF="http://squid.nlanr.net/Squid/FAQ/FAQ-17.html#ss17.2"
>http://squid.nlanr.net/Squid/FAQ/FAQ-17.html#ss17.2</A>).
</BLOCKQUOTE>
<BLOCKQUOTE>
There are obviously other ways you could use this.
</BLOCKQUOTE>
<!-- sig -->
<!-- end 13 -->
<P> <hr width="40%" align="center"> <P>
<!-- begin 12 -->
<H3 align="left"><img src="../../gx/dennis/qbubble.gif"
height="50" width="60" alt="(?) " border="0"
>more on: TCP/IP Port Relaying</H3>
<p><strong>From Lawrence Tung on Thu, 22 Jul 1999
</strong></p>
<!-- ::
more on: TCP/IP Port Relaying
~~~~~~~~~~~~~~~~~~~~
:: -->
<P><STRONG><IMG SRC="../../gx/dennis/qbub.gif" ALT="(?)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Hi, Jim:
</STRONG></P>
<P><STRONG>
Thanks for your help. The "redir" works pretty good but I guess it only
support TCP but not UDP. Do you know any pacakage that support UDP too?
</STRONG></P>
<P><STRONG>
Lawrence
</STRONG></P>
<BLOCKQUOTE><IMG SRC="../../gx/dennis/bbub.gif" ALT="(!)"
HEIGHT="28" WIDTH="50" BORDER="0"
>
Look for udprelay at:
</BLOCKQUOTE>
<BLOCKQUOTE><DL><DT>
Metalab: Index of <TT>/pub/Linux/system/network/misc</TT>
<DD><A HREF="http://metalab.unc.edu/pub/Linux/system/network/misc"
>http://metalab.unc.edu/pub/Linux/system/network/misc</A>
</DL></BLOCKQUOTE>
<!-- sig -->
<!-- end 12 -->
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
>Copyright &copy;</a> 1999, James T. Dennis
<BR>Published in <I>The Linux Gazette</I> Issue 44 August 1999</H5>
<H6 ALIGN="center">HTML transformation by
<A HREF="mailto:star@starshine.org">Heather Stern</a> of
Starshine Techinical Services,
<A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H6>
<P> <hr> <P>
<!-- begin tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::-->
<TABLE WIDTH="98%"><TR VALIGN="center" ALIGN="center">
<TD ROWSPAN="2" COLSPAN="3" WIDTH="42%"><A
HREF="../lg_answer44.html"
><IMG SRC="../../gx/dennis/answernew.gif"
ALT="[ Answer Guy Index ]"></A></td>
<TD WIDTH="14%"><A HREF="1.html">1</A></TD>
<TD WIDTH="14%"><A HREF="4.html">4</A></TD>
<TD WIDTH="14%"><A HREF="7.html">7</A></TD>
<TD WIDTH="14%"><A HREF="9.html">9</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD WIDTH="14%"><A HREF="11.html">11</A></TD>
<TD WIDTH="14%"><A HREF="12.html">12</A></TD>
<TD WIDTH="14%"><A HREF="14.html">14</A></TD>
<TD WIDTH="14%"><A HREF="17.html">17</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD><A HREF="18.html">18</A></TD>
<TD><A HREF="19.html">19</A></TD>
<TD><A HREF="20.html">20</A></TD>
<TD><A HREF="21.html">21</A></TD>
<TD><A HREF="24.html">24</A></TD>
<TD><A HREF="25.html">25</A></TD>
<TD><A HREF="26.html">26</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD><A HREF="28.html">28</A></TD>
<TD><A HREF="29.html">29</A></TD>
<TD><A HREF="30.html">30</A></TD>
<TD><A HREF="31.html">31</A></TD>
<TD><A HREF="32.html">32</A></TD>
<TD><A HREF="33.html">33</A></TD>
<TD><A HREF="34.html">34</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD><A HREF="35.html">35</A></TD>
<TD><A HREF="36.html">36</A></TD>
<TD><A HREF="37.html">37</A></TD>
<TD><A HREF="38.html">38</A></TD>
<TD><A HREF="39.html">39</A></TD>
<TD><A HREF="40.html">40</A></TD>
<TD><A HREF="41.html">41</A></TD>
</TR><TR VALIGN="center" ALIGN="center">
<TD><A HREF="42.html">42</A></TD>
<TD><A HREF="43.html">43</A></TD>
<TD><A HREF="44.html">44</A></TD>
<TD><A HREF="45.html">45</A></TD>
<TD><A HREF="46.html">46</A></TD>
<TD><A HREF="47.html">47</A></TD>
<TD><A HREF="48.html">48</A></TD>
</TR></TABLE>
<!-- end tagnav ::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<P> <hr> <P>
<!-- begin lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<A HREF="../index.html"
><IMG SRC="../../gx/indexnew.gif" ALT="[ Table Of Contents ]"></A>
<A HREF="/index.html"
><IMG SRC="../../gx/homenew.gif" ALT="[ Front Page ]"></A>
<A HREF="../lg_bytes44.html"
><IMG SRC="../../gx/back2.gif" ALT="[ Previous Section ]"></A>
<A HREF="../lg_tips44.html"
><IMG SRC="../../gx/fwd.gif" ALT="[ Next Section ]"></A>
<!-- end lgnav ::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
</BODY></HTML>
<!--endcut ========================================================= -->
Reference in New Issue View Git Blame Copy Permalink