IP Masquerading

Vladimir Myslik xmyslik na sun.felk.cvut.cz
Pondělí Leden 27 03:39:10 CET 1997 

In article <Pine.VMS.3.91-vms-beta10.970123175656.10143A-100000 na cs.felk.cvut.cz>, you wrote:
>> : > 	Vzdalenym koncum PPP linek bych pridelil adresu a.b.c.{1,2,3},
>> : > takze vse, co by slo ven, by se tvarilo jako a.b.c.{1,2,3}.
>> 
>> : Ale na vzdalenem konci je router pro tamnejsi sit. Takze by to IP-Masq. 
>> : muselo byt tam, ne?? 
>> 
>> 	Ano.
>>  
>> -Yenya
>
>Hmm, tak takhle to bohuzel udelat nemuzu, protoze na tom vzdalenym konci 
>je jenom pitoma plechovka (NetBlazer s modemem) a ta maskovat neumi a po 
>vlozenych investicich by to asi nikdo nedal predelat na plnohodnotne 
>compy. A taky by bylo mnohem narocnejsi spravovat 5 stroju vzdalenych 
>misto jednoho maskovatka lokalniho (ale to jde jen o me pohodli ;-))
>
>Presto diky, alespon uz vim, ze takhle to nejde a nebude me trapit ze na 
>to neumim prijit :-))
>

Jo to sem jednou videl nakej program, kterej kdyz se spustil na masine tak umel na urcitym portu 
poslouchat a presmerovat vlastne cele tcp spojeni na jiny port jineho pocitace.
Potom by slo s kombinaci Ip aliasingu, tohodle programu a firewallingu(forwarding firewall ci co)
udelat to co chcete. Ip aliasingem by se na maskovatku nastavilo ethernetovce jaksi
vic IP adres, spustilo by se par kopii toho smejdu co nemuzu najit(kazy na jinem lokalnim portu, 
nekde nahore)  a pak by se nastavila vstupni firewalla tak, aby kdyz zjisti spojeni z 
portu telnetu nebo www na rozhrani x.x.x.a tak aby to posilala treba na lokalni
port 8000. z adresy x.x.x.b by to posilalo na adresu 8001 atakdale. Akorat by
k tomu musel bezet ten programek. Kdysi jsem se take o neco podobneho pokousel.
Mozna to mam nekde na disku ale jak to najit v 800 mb :-((( mozna ze bych si
vzpomnel a nasel to, ale urcite by to melo byt na nejakem vetsim serveru

jo, tady je to :

References: <30E98C6B.196B3EF6 na plea.se> <4d1uk0$eh0 na rhino.cis.vutbr.cz>

Vladimir Myslik wrote:
>
> Jonas Elfstrom <jonas na plea.se> wrote:
> >Hello,
> >
> >Our situation:
> >We have one IP address that have READ and POST access on a news-server.
> >Our net-provider want to charge us $23 monthly/IP that has access to
> >their news-server... Now I
 hoping that there is a way to fool that
> >newsserver that all our requests are coming from our host.
> >Ie heard of a program called leafnode (but I cannot find it).
> >
> >Someone mailed me at stated that I could use a reflector and/or
> >redirector of IP and port but he didn explain that any further
> >and hasn answered me since...
> >
> >Is there someone out there who is doing something like this right now?
> >
> >Could it be done by some sort of proxy or firewall util?
> >
> >--
> > / Jonas Elfstrom        (5+ rows .sigs sux)       jonas na plea.se \
> >< ISP, Linux, Amiga, C, 680x0/6502 ASM. Guinnes. Suede, Oasis, DM >
> > \ We are here to PLEAse you! Support:+46 19322010 http://plea.se/
>
> Hi,
>
> hope this is the right solution:
>
> I think that there is a program called tredir (yes, I have it on my 2.2.0 Slackware system) and i
> allows you to redirect a unix's port to a remote machine. So, if your system with IP from your
> provider were running linux, it could be possible to redirect its nntp port to that.
> shit> tredir
>
> Usage: redir [options] {<localport> <[host:]remoteport>}
>
> Note that your system has to have port 119 free.
> Even if this wasn't working, you may write a proggy which listens for tcp connections and then
> passes them to the remote computer yourself.
>
> ------------------------------------------------------------------
>  Vladimir Myslik
> mailto:xmyslik na cslab.felk.cvut.cz , mailto:xmyslik na cs.felk.cvut.cz
> http://cs.felk.cvut.cz/~xmyslik/

Vladimir, please note that tredir is part of the TERM package and
does not work in a normal IP setup.

- Marc Delisle


JO sice to je soucasti termu, ale proc by to nemohlo fungovat i tak. Mozna by bylo nutny
tomu trosku domluvit. Kdyz jsem neco takovyho pasl ja, tak jsem mel problemy se zaviranim 
otevrenych portu.




-- 
------------------------------------------------------------------
 Vladimir Myslik  
(if you experience delivery problems replying my mail, try the addresses below)
mailto:xmyslik na cslab.felk.cvut.cz , mailto:xmyslik na cs.felk.cvut.cz
http://cs.felk.cvut.cz/~xmyslik

Další informace o konferenci Linux