
Routing a port through another machine

 
 
Newth
08-26-2004, 11:43 AM
Hello everybody.

I have a machine (WinNT) on my local LAN that runs a specific service
on port 8001. On the same LAN, there is a WWW server running a recent
RedHat. Now, I'd like to have the service on my WinNT machine's port
8001 to run through the WWW's 8001, so that it seems to be running the
service.
Route it through in other words, but hopefully without changing any
settings on the NT machine...

So, I'd like people to see www.foo.no:8001 work like I do on my lan by
connecting to winnt.localnet:8001... Gettit?

Is this possible? I'm thinking iptables and NAT, but I can't make it
work... /=

Please help. Thanks in advance!

- K -

 
Jeroen Geilman
08-26-2004, 03:45 PM
Newth wrote:

> Hello everybody.
>
> I have a machine (WinNT) on my local LAN that runs a specific service
> on port 8001. On the same LAN, there is a WWW server running a recent
> RedHat. Now, I'd like to have the service on my WinNT machine's port
> 8001 to run through the WWW's 8001, so that it seems to be running the
> service.
> Route it through in other words, but hopefully without changing any
> settings on the NT machine...
>
> So, I'd like people to see www.foo.no:8001 work like I do on my lan by
> connecting to winnt.localnet:8001... Gettit?
>
> Is this possible? I'm thinking iptables and NAT, but I can't make it
> work... /=


Yes you can ;-)

# -d matches the destination address; -i would expect an interface name
iptables -t nat -A PREROUTING -d out.si.de.ip -p tcp --dport 8001 \
-j DNAT --to-destination ip.of.nt.box

That's it - really!

The return packets will be taken care of automagically.

--
J

All your bits are belong to us - again.
 
Vic Hargrave
08-26-2004, 07:49 PM
What if I wanted to do what the original inquirer suggested but also
expose the IP address of the NT box to the outside Internet, because
it has a valid static IP address, and just use the Linux box as a
router? How does that change the command you gave? Thanks in advance.

-- vic

Jeroen Geilman wrote:
> Newth wrote:
>
>> Hello everybody.
>>
>> I have a machine (WinNT) on my local LAN that runs a specific service
>> on port 8001. On the same LAN, there is a WWW server running a recent
>> RedHat. Now, I'd like to have the service on my WinNT machine's port
>> 8001 to run through the WWW's 8001, so that it seems to be running the
>> service.
>> Route it through in other words, but hopefully without changing any
>> settings on the NT machine...
>>
>> So, I'd like people to see www.foo.no:8001 work like I do on my lan by
>> connecting to winnt.localnet:8001... Gettit?
>>
>> Is this possible? I'm thinking iptables and NAT, but I can't make it
>> work... /=

>
>
> Yes you can ;-)
>
> iptables -t nat -A PREROUTING -d out.si.de.ip -p tcp --dport 8001 \
> -j DNAT --to-destination ip.of.nt.box
>
> That's it - really!
>
> The return packets will be taken care of automagically.
>


 
Jeroen Geilman
08-27-2004, 05:32 PM
Vic Hargrave wrote:

> What if I wanted to do what the original inquirer suggested but also
> expose the IP address of the NT box to the outside Internet, because it
> has a valid static IP address, and just use the Linux box as a router?
> How does that change the command you gave? Thanks in advance.


If the NT box has an *additional* public address then you can use a
normal route to reach it, and use iptables solely as a means of
controlling what kind of traffic you want to allow.

This does mean that your iptables rules will have to be constructed with
a little more care, since you cannot arbitrarily filter traffic coming
through an interface anymore - you have to filter on addresses.

Essentially - good if you want to keep things simple - it means writing
two sets of rules, with none of them deciding on interface, but solely
on src/dst addresses on whether to route and where.

--
J

All your bits are belong to us - again.
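
The two answers in this thread (the DNAT port forward, and the routed public address filtered on src/dst addresses), worked through as an added example that is not from any poster here. The helper names, the sample addresses, the FORWARD rules and the `conntrack` match are assumptions added for illustration; the rules are appended, so they assume no earlier FORWARD rule already accepts this traffic.

```shell
#!/bin/sh
# Added example: prints iptables commands for review, it does not run them.
# Addresses in the sample call are constructed (RFC 1918 / RFC 5737 ranges).

valid_ip() {    # dotted-quad IPv4 with every octet in 0-255
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

valid_port() {  # decimal TCP port 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_rules MODE NT_IP PORT [OUTSIDE_IP]   (hypothetical helper)
#   dnat   - NT box is private; OUTSIDE_IP is the Linux box's public address
#   routed - NT box has its own public address and is reached by plain routing
forward_rules() {
    mode=$1; nt=$2; port=$3; outside=$4
    valid_ip "$nt" || return 1
    valid_port "$port" || return 1
    case "$mode" in
        dnat)   valid_ip "$outside" || return 1 ;;
        routed) ;;
        *)      return 1 ;;
    esac
    echo "sysctl -w net.ipv4.ip_forward=1"
    if [ "$mode" = dnat ]; then
        # -d matches the outside address; FORWARD then sees the rewritten one
        echo "iptables -t nat -A PREROUTING -d $outside -p tcp --dport $port -j DNAT --to-destination $nt:$port"
    fi
    # Set 1, matched on destination: only the published port reaches the NT box
    echo "iptables -A FORWARD -d $nt -p tcp --dport $port -j ACCEPT"
    echo "iptables -A FORWARD -d $nt -j DROP"
    # Set 2, matched on source: the NT box may only answer tracked connections
    echo "iptables -A FORWARD -s $nt -p tcp --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -s $nt -j DROP"
}

forward_rules dnat 192.168.1.20 8001 203.0.113.10
```

In `dnat` mode connection tracking rewrites the replies only if they travel back through the Linux box, so the NT box's route to the clients has to point at it. In `routed` mode the same two rule sets apply unchanged, with no NAT rule and no interface match.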
 