re-routing info to another port?

sde · 09-12-2002, 11:40 AM

I would like to use apple remote desktop from work. the problem is that it only communicates on port 3704 ( or something like that ) .. anyhow, it is a port that i can not communicate with from behind the firewall here at work.

is there a way to convert 1 port to another port in linux? kinda like how links work? except with ports?

it's a stretch, i know.

technobard · 09-12-2002, 05:05 PM

I've never tried this, but I believe you can use ssh to do what you want with TCP/IP forwarding. Check out the man page and/or do a google search for the details. If you figure it out, post the solution. I would be curious about the details myself.

sde · 09-13-2002, 07:53 AM

thanks, i'll check it out.

redhead · 09-13-2002, 10:46 AM

Are you thinking about iptables and DNAT ??
# iptables -t nat -A PREROUTING -i $EXTERN_NIC -p tcp --dport 23 -j DNAT --to 172.16.0.2:3704

Or some sort of REDIRECT of the connection ?
# iptables -t nat -A PREROUTING -p tcp --dport 23 -j REDIRECT --to-port 3704

The first one will redirect every connection comming to the firewall from the outside on port 23, to the internal IP on port 3704, the second one will redirect every connection on the machine comming on port 23, to port 3704 on the same machine.

technobard · 09-13-2002, 08:30 PM

That's cool, Redhead! You remind me of how little I know about some of this stuff. I went ahead and did a search on ssh and this is what I found (a snippet from a thread on the subject):

localhost:~> ssh -L 20110:mail.domain.com:110 mail.domain.com

What that does is is ssh me into mail.domain.com, redirecting localhost
port 20110 to port 110 on mail.domain.com.

In other words, you connect to 20110 (or whatever) on your local machine and ssh forwards that to port 110 on the remote machine. There's no configuration required on the sshd side. Again, I haven't tried it, but I had heard that this was fairly common.

redhead · 09-13-2002, 10:25 PM

Oh, just a simple ssh-tunneling thing.. Well that is widely used, for secure pop3 connections and the like..

I thought it had something todo with a firewall only having port X open, but the proggy you wanted connected to, was expecting connection on port Y, so therefor either letting the firewall re-route any incomming connection on port X to port Y on the client, or (if the client had an external IP, but still behind the firewall) letting the client redirect connections comming on port X to its own port Y.