tunneling software?

sde · 08-24-2006, 02:08 PM

system: redhat 7.3

this box has 2 nics. one that i can access, and one for a local network it's on.

on the local network, it's connected to another server. i need to access a program on that server on port 8080.

so, i want to hit the first box on a specific port and just forward the request to the second one on the local network. then, i obviously want the response to come back to me.

what tool can i use for this?

Belisarius · 08-24-2006, 02:32 PM

While it's designed for load balancing, you might be able to use Balance. It'll act as a port-proxy.

teknomage1 · 08-24-2006, 08:58 PM

ssh handles all your port forwarding needs. You can check out the -R and -L flags I think.
As an example, here's what I use on my laptop to use my desktop as an http and dns proxy:
ssh -L 3128:localhost:3128 -L 873:localhost:873 -L 6667:localhost:6667 user@host

redhead · 08-25-2006, 05:14 AM

Or simply issue a iptable command on the first box redirecting to the second box..
Something like:

Code:

> iptables -t nat -A PREROUTING -i <EXTERN_NIC> -p tcp --dport 8080 -j DNAT --to <LOCAL_SERVER>

sde · 08-25-2006, 07:42 AM

thanks

.. hopefully the server admin thinks this is a good idea. it will save a lot of development time.

sde · 08-25-2006, 10:56 AM

i've entered that command, but when i do iptables -L, i do not see the rule.

is there anything else i need to do to enable the rule?

redhead · 08-25-2006, 11:08 AM

to view it you need to query the NAT table aswell ie:
> iptables -t nat -L PREROUTING

sde · 08-25-2006, 11:43 AM

ok i see it. shouldn't it reflect the port i specified? maybe i need to start over.

Code:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere           tcp dpt:webcache to:                         172.17.0.49
DNAT       tcp  --  anywhere             anywhere           tcp dpt:webcache to:                         172.17.0.49

redhead · 08-25-2006, 12:00 PM

Quote:

tcp dpt:webcache

Theres your port and the protocol beeing used.. If you like to see it as it's port value, you could try adding the -n switch.
Use the -v switch to see a more elaborate output, like which interface it's bound to, and how many packages the rule has captured.

By the way the dpt is shorthand for destination port, and as we all know, webcache is port 8080, so now any connection on port 8080 comming to your EXTERN_NIC will be redirected to port 8080 on the machine located at 172.17.0.49.

But repearting the rule is redundant, since the first one will capture any match befor even reaching the second one...