Gentoo Forums
simple tunnel
teper
Guest
PostPosted: Thu Apr 25, 2002 12:58 pm    Post subject: simple tunnel

Hello!

I used FreeBSD previously, and bounce.c as a simple port tunnel.

(normal connection)
My_Host -> foreign_IP:port

(bounced connection)
MY_HOST -> server_IP:INC-PORT [FreeBSD] -> foreign_IP:port

What should I use in Gentoo Linux as a bounce.c substitute, or what should I use to compile that simple program?
Standard cc/gcc won't work.

Wojciech Teperski
teper@polsl.gliwice.pl
Target
Apprentice
Joined: 25 Apr 2002
Posts: 199

PostPosted: Thu Apr 25, 2002 4:23 pm    Post subject:

This feature is built into iptables' preroute/forward/postroute rules, but since I use ssh whenever I tunnel anywhere (I'm an encryption nut), any examples I give you may need a lot of tweaking to get working.

First, you'll either need to load the netfilter (iptables) kernel module if you have it, or compile a kernel with it built-in. Then emerge iptables to get the userspace tools.

We'll assume you have two network cards in the bounce host with eth0 as the external interface and eth1 as the internal. Card references can just as easily be replaced with IPs and IP ranges, though.
Let's also assume you want to reach remote port 2000 on host 101.101.101.101, and that just for the hell of it you'll actually be bouncing through 2002 on your own server.

First we set forwarding's default policy to deny... we don't want people coming in from the outside and tunneling right back out.

Code:
iptables -P FORWARD DROP


We'll want to allow packets we've actually requested to get forwarded through to us:

Code:
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT


Allow all safe/needed forms of tcp connections on port 2002 to be forwarded out the external interface:

Code:
iptables -A FORWARD -i eth1 -o eth0 -p tcp --dport 2002 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT


Now that the ground rules have been established, we set up the NAT table to do the dirty work of routing the server's internal port 2002 to the remote host's port 2000:

Code:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 2002 -j DNAT --to 101.101.101.101:2000


I'm not 100% sure about that last one... you may need to specify your internal IP instead of the interface because the NAT table is treated a little differently.

Generally, I'd recommend taking things a step further and setting up a whole firewall. You can never be too careful, and the tools to do it are the same ones you use to bounce/forward ports.

If you're looking to do full SNAT, iptables has a full-blown masquerading subsystem.
teper
n00b
Joined: 25 Apr 2002
Posts: 3
Location: Poland

PostPosted: Thu Apr 25, 2002 6:28 pm    Post subject:

Target wrote:
This feature is built into iptables' preroute/forward/postroute rules, but since I use ssh whenever I tunnel anywhere (I'm an encryption nut), any examples I give you may need a lot of tweaking to get working.

Thanks for the answer, but one thing: I don't need NAT.
I can use
Code:
ssh -R listenport:remote_host:port localhost

The situation is like this:
my friend connects to the internet through tpsa_provider.
He is playing network games on game_server,
but he has terrible lag, since game_server is in a different backbone net.
My host is in the same backbone net as game_server, and I have a fast connection with my friend.
Idea: use my server as a bouncer (proxy server).

Thanks for the answer, I'll try ipchains.
_________________
Wojciech Teperski
foton@idea.net.pl
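For the bounce.c substitute asked for in the first post, applied to the scenario in this one (friend -> my server -> game_server), here is an added example that is not code from the thread: a minimal userspace TCP bouncer in Python that relays each accepted connection to the real server and back. Unlike bounce.c it refuses any source address not on an allow-list, so the box does not become an open relay for anyone who finds the port; the listening port 2002 and target 101.101.101.101:2000 are taken from Target's post, and 203.0.113.7 is a placeholder for the friend's address.

```python
# Added example, not code from the thread: a minimal TCP bouncer in Python
# doing what bounce.c did. Each connection accepted on listen_addr is relayed
# to remote_addr and back; only peers in `allowed` may use it (no open relay).
import socket
import threading

def _pipe(src, dst):
    # Copy src -> dst until EOF, then half-close dst so the far end sees EOF.
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def relay(client, remote_addr):
    # One thread per direction; returns once both directions have drained.
    try:
        remote = socket.create_connection(remote_addr, timeout=10)
    except OSError:
        client.close()
        return
    remote.settimeout(None)
    back = threading.Thread(target=_pipe, args=(remote, client), daemon=True)
    back.start()
    _pipe(client, remote)
    back.join()
    client.close()
    remote.close()

def start_bouncer(listen_addr, remote_addr, allowed):
    # Bind, serve in a background thread and return the bound (host, port).
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(listen_addr)
    srv.listen(16)
    def loop():
        while True:
            conn, peer = srv.accept()
            if peer[0] not in allowed:  # source not on the allow-list: refuse
                conn.close()
                continue
            threading.Thread(target=relay, args=(conn, remote_addr), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    # Port 2002 -> 101.101.101.101:2000 for one friend (203.0.113.7 is a placeholder).
    start_bouncer(("0.0.0.0", 2002), ("101.101.101.101", 2000), {"203.0.113.7"})
    threading.Event().wait()
```

The allow-list is checked on the peer address only, so it is no substitute for the FORWARD/INPUT firewall rules Target describes; it just keeps strangers from riding the bounce.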
All times are GMT