redirecting packets

hi,
this is my first post in a newsgroup, hope i make everything right

well, this is my situation:

i have always been curious about how online games communicate with
their servers. since i am computer savvy and i can program myself, i
decided that i wanted to get an online game, analyze the client-server
conversation and maybe even try to "fake" the server to some extent.

so, i downloaded gunz (www.gunzonline.com), a free but not open-source
game (windows only, i fear). i chose it because i knew that the actual
data sent while playing is spread peer-to-peer, so the client-server
part i was interested in was just about the logging in and finding
games - should be a lot easier than a "normal" online game.

i have had some success with my plans. i could manipulate the loading
application (which makes sure the client is up-to-date) by redirecting
the address www.gunzonline.com to 127.0.0.1 in my hosts file. this
works fine for domains, but nor for ips themselves.
i found that the loading application connects randomly to a ftp server
on one of the following ips (i "crippled" them because i don't know the
policy of newsgroups about that):
xxx.145.yyy.134
xxx.145.yyy.135
xxx.145.yyy.136
where xxx is the same in every case, likewise yyy.

my problem now is: i am working on windows and i could not find any
solution of how to redirect the ips to localhost. i think that the ips
are hardcoded in the application, since i could only find DNS name
resolution for gunzonline.com, which happens to be xxx.145.yyy.131 in
every case.
i googled for hours and apparently there is no way to do it the easy
way.

i developed a new plan:
i run my own ftp server on my windows machine, listening to port 2100.
then, on an old pc, i set up damn small linux (could change that to any
other distro, if necessary, although ram and cpu are quite limited) to
act as a gateway for my windows box. so, i set the gateway (i think
that may be important) for every ip in the xxx.145.yyy.0 ip range to
the linux machine.
that actually seems to be right so far. so, i need my linux box to do
the following:
listen for packets coming in on port 21/tcp and redirect them to
192.168.72.1, port 2100/tcp. sounds easy, but i could not find any
solution that actually worked for me. i always get an "connection
refused" error, no matter from where i try to connect. even when i
connect from the linux box to 127.0.0.1 port 21 i get rejected, but
connecting to 192.168.72.1 port 2100 works fine.
note that the linux pc is connected to my windows machine directly.
there is just a single network card in the linux box.

any suggestions on that? (of course, if anyone happens to have a clue
how i can solve this easier than routing through linux, i'd be happy to
know)

so, finally, i hope i wrote clearly enough for everyone to understand
what i mean.
thank you in advance,
Tonni

Hello,

(E-Mail Removed) a écrit :
[...]
> my problem now is: i am working on windows and i could not find any
> solution of how to redirect the ips to localhost.

What about adding these IP addresses to any local interface, with a
carefully chosen netmask ? On Windows 2000 and above, the so-called
"loopback" interface comes in handy.

> i think that the ips
> are hardcoded in the application, since i could only find DNS name
> resolution for gunzonline.com, which happens to be xxx.145.yyy.131 in
> every case.

Did you sniff DNS queries, or look into Windows DNS cache (if NT
version) with ipconfig /displaydns ?

> i developed a new plan:
> i run my own ftp server on my windows machine, listening to port 2100.
> then, on an old pc, i set up damn small linux (could change that to any
> other distro, if necessary, although ram and cpu are quite limited) to
> act as a gateway for my windows box. so, i set the gateway (i think
> that may be important) for every ip in the xxx.145.yyy.0 ip range to
> the linux machine.

Is the Linux box the default gateway for the Windows box or only the
gateway for xxx.145.yyy.13z destinations ?
Do the routes work (test with tracert) ?

> that actually seems to be right so far. so, i need my linux box to do
> the following:
> listen for packets coming in on port 21/tcp and redirect them to
> 192.168.72.1, port 2100/tcp. sounds easy, but i could not find any
> solution that actually worked for me. i always get an "connection
> refused" error, no matter from where i try to connect

What did you actually try ?
1) Enable IP forwarding as usual :
# echo 1 >/proc/sys/net/ipv4/ip_forward
2) Make sure you have no iptables filtering rules or default policy
blocking the traffic in the FORWARD chain.
3) Load the FTP conntrack and NAT helper modules with the ports used :
# modproble ip_conntrack_ftp ports=21,2100
# modproble ip_nat_ftp ports=21,2100
4) Redirect incoming FTP traffic for each IP address :
# iptables -t nat -A PREROUTING -d xxx.145.yyy.13z -p tcp --dport 21 \
-j DNAT --to 192.168.71.1:2100

> even when i
> connect from the linux box to 127.0.0.1 port 21 i get rejected,

Of course. You want to redirect xxx.145.yyy.13z, not 127.0.0.1.

Hello,

(E-Mail Removed) a écrit :
[...]
> my problem now is: i am working on windows and i could not find any
> solution of how to redirect the ips to localhost.

What about adding these IP addresses to any local interface, with a
carefully chosen netmask ? On Windows 2000 and above, the so-called
"loopback" interface comes in handy.

> i think that the ips
> are hardcoded in the application, since i could only find DNS name
> resolution for gunzonline.com, which happens to be xxx.145.yyy.131 in
> every case.

Did you sniff DNS queries, or look into Windows DNS cache (if NT
version) with ipconfig /displaydns ?

> i developed a new plan:
> i run my own ftp server on my windows machine, listening to port 2100.
> then, on an old pc, i set up damn small linux (could change that to any
> other distro, if necessary, although ram and cpu are quite limited) to
> act as a gateway for my windows box. so, i set the gateway (i think
> that may be important) for every ip in the xxx.145.yyy.0 ip range to
> the linux machine.

Is the Linux box the default gateway for the Windows box or only the
gateway for xxx.145.yyy.13z destinations ?
Do the routes work (test with tracert) ?

> that actually seems to be right so far. so, i need my linux box to do
> the following:
> listen for packets coming in on port 21/tcp and redirect them to
> 192.168.72.1, port 2100/tcp. sounds easy, but i could not find any
> solution that actually worked for me. i always get an "connection
> refused" error, no matter from where i try to connect

What did you actually try ?
1) Enable IP forwarding as usual :
# echo 1 >/proc/sys/net/ipv4/ip_forward
2) Make sure you have no iptables filtering rules or default policy
blocking the traffic in the FORWARD chain.
3) Load the FTP conntrack and NAT helper modules with the ports used :
# modprobe ip_conntrack_ftp ports=21,2100
# modprobe ip_nat_ftp ports=21,2100
4) Redirect incoming FTP traffic for each IP address :
# iptables -t nat -A PREROUTING -d xxx.145.yyy.13z -p tcp --dport 21 \
-j DNAT --to 192.168.71.1:2100

> even when i
> connect from the linux box to 127.0.0.1 port 21 i get rejected,

Of course. You want to redirect xxx.145.yyy.13z, not 127.0.0.1.

Dear All,

I have been battling this for some time and have not found a solution.
Please let me describe a problem I have doing backups over rsync. The
machines involved are

*.10 - remote (from me) gateway machine that has two nic cards, one to a
cable modem (and the net) and another to a LAN (remote from me, local to
*.10) (running CENTOS 4.2)

*.131 - file server on the remote LAN (running CENTOS 4.2)

*.6 - my local machine that backups are directed to, connected to the
net via cable modem (running Fedora 3)

I want to backup *.10 over the net to *.6. There are files on *.131
that are NFS mounted to *.10. Backing up *.10 works fine, unless it is
backing up the files on *.131 (that are mounted to *.10).

I am using ssh with the rsync connection.

After anywhere from minutes to hours, the LAN networking stops. I
cannot see any machines on the LAN from *.10. I can access *.10 using
ssh and restart the LAN (/etc/init.d/network restart) and everything
starts working again, at least for a while.

Has anyone else seen this sort of problem? I don't really know where to
look.

Any pointers will be greatly appreciated!

Best regards,

--
Bob Smither <(E-Mail Removed)>

Bob Smither <(E-Mail Removed)> writes:

>Dear All,

>I have been battling this for some time and have not found a solution.
>Please let me describe a problem I have doing backups over rsync. The
>machines involved are

>*.10 - remote (from me) gateway machine that has two nic cards, one to a
>cable modem (and the net) and another to a LAN (remote from me, local to
>*.10) (running CENTOS 4.2)

>*.131 - file server on the remote LAN (running CENTOS 4.2)

>*.6 - my local machine that backups are directed to, connected to the
>net via cable modem (running Fedora 3)

>I want to backup *.10 over the net to *.6. There are files on *.131
>that are NFS mounted to *.10. Backing up *.10 works fine, unless it is
>backing up the files on *.131 (that are mounted to *.10).

>I am using ssh with the rsync connection.

>After anywhere from minutes to hours, the LAN networking stops. I
>cannot see any machines on the LAN from *.10. I can access *.10 using
>ssh and restart the LAN (/etc/init.d/network restart) and everything
>starts working again, at least for a while.

>Has anyone else seen this sort of problem? I don't really know where to
>look.

Bad driver for the ethernet card being used to access the lan?
Or bad ethernet card.
Look in the the files in /var/log for a clue.
Or look in dmesg


>Any pointers will be greatly appreciated!

>Best regards,

>--
>Bob Smither <(E-Mail Removed)>

> I am using ssh with the rsync connection

Would be interesting to know the exact command you use, with all options.
When you start rsync, you can it do localy and it will use the local
configuration file, you can also start it remotly, and it will use the
remote demon and configuration file...
The options allows and configurations allows you to choose if you want to
stay in one file sytem or follow mounts and links etc...

Just have a look to man rsync... have fun...

Fabio Vassalli