two machines with same IP, one forwarding almost all to second ?

 Hi,

  This is a question for experts, I guess :

  I have two machines A and B. Both are on the Net, with A-public-IP and
B-public-IP. But B is not allowed to accept any connections from the Net
(from public) on B-public-IP (except for a VPN ssl-VPN connection from
machine A). Machine A is allowed to accept any connections, but it doesn't
have the software needed to properly respond to the incoming TCP or UDP
requests. So it needs to forward *all* (except for SSH port) incoming
traffic requests to machine B. (I already have a ssl-pppd-based VPN
tunneling from private network traffic between A and B).

   How do I configure Linux-2.4.x + ipchains + whatever (do I need any
other software?) on these two machines A&B, to be able to:

1. originate ftp/http/telnet/ssh connections from machineA's A-public-IP
to the Net.

2. any requests incoming into machineA+A-public-IP forward to machineB's
A-public-IP, process and respond back on machineB's A-public-IP,
forwarding back to machine A, coming out of machineA's A-public-IP to the
requestor on the net. (The reason why I need A-public-IP on machine B is
because the protocols that B handles sometimes include in their payload
the IP and port of the machine processing the requests, which has to be
A-public-IP, because the client would then contact that IP in the payload,
and only machine A is allowed to accept connections from public.)

  Another way to say this is : Machine A forwards *all* incoming TCP & UDP
traffic to the same IP on machine B. Except that A has to be able to
accept port 22 from the Net and originate ftp/http/telnet/ssh connections
onto the Net through A-public-IP.

  How do I need to configure A & B ? (ipchains ? ip route ? dummy
interfaces ? ppp interfaces ? )

   Thanx in advance,

    *all* comments on this topic are welcome !

      Jan

PS: I didn't find this in the HOWTO, I guess this kind of setup is quite
rare.

PS2: Under this kind of setup, a machine C on the net could contact
ftp://A-public-IP/, and it would be machine B (*not* machine A),
which would be running the FTP server. And all the FTP modes that would
work on machine A would work under the setup I'm seeking to establish.

-- 
-- Gospel of Jesus is the saving power of God for all who believe --
               ## To some, nothing is impossible. ##
                     http://Honza.Vicherek.com/
