On Tue, 10 Aug 2004, Luesley, William wrote:
The machines open a number of TCP and UDP ports with which to communicate. In order to help testing, I have been asked to place a third machine between these two which will be capable of intercepting and modifying any messages. My initial plan was to have a device which could mimic both ends of the connection (as I already have code to do this); with each connection being on a separate NIC, leading to a setup as shown below:
A ------------ C(eth0)        C(eth1) ---------- B
192.168.1.1    192.168.1.2    192.168.1.1        192.168.1.2
This is actually possible by using advanced policy routing.
Should be possible out of the box now in 2.6, where one is allowed to define policies overriding the local destinations. For 2.4 you may need to patch the kernel slightly to relax this by allowing negative ip rule preference. In addition, iptables is quite useful here for helping the policy routing by assigning suitable marks to the packets in each flow.
But you should not need to go this complex path. iptables NAT will do the job just fine for you. Set up the intermediary with another IP address acting as a proxy-arp gateway between the two stations, then intercept the connections using DNAT and if needed SNAT your outgoing connections back to the correct source IP.
Or you could use two intermediary hosts connected via a private network, both running your dual-sided software.
Regards,
Henrik
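The NAT approach Henrik outlines, written out as an added example that is not part of the thread and not code from either poster. It assumes A is 192.168.1.1 behind C's eth0, B is 192.168.1.2 behind C's eth1, that C takes the extra address 192.168.1.254, that the protocol under test is TCP on port 5000, and that the interception/modification program on C listens on port 15000; all of these values, and the script name intercept.sh, are assumptions. Without an argument (or with "plan") the script only prints the commands it would run, so the rule set can be reviewed before applying it as root.

```shell
#!/bin/sh
# Added example, not from the thread. Place host C between A and B using proxy
# ARP, then DNAT A's connections into a local test proxy and SNAT the proxy's
# onward connection so that B still sees A as its peer.
# All addresses, interface names and ports below are assumed values.

A_IP=192.168.1.1       # station A, reached via eth0 (assumed)
B_IP=192.168.1.2       # station B, reached via eth1 (assumed)
C_IP=192.168.1.254     # extra address for the interceptor C (assumed)
A_IF=eth0
B_IF=eth1
PORT=5000              # TCP port A connects to on B (assumed)
PROXY_PORT=15000       # port the intercepting proxy listens on at C (assumed)

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

setup_intercept() {
    # Forwarding plus proxy ARP on both NICs: C answers ARP for B on A's
    # segment and for A on B's segment, so neither station needs any change.
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$A_IF.proxy_arp=1"
    run sysctl -w "net.ipv4.conf.$B_IF.proxy_arp=1"

    # C's own address (the proxy binds to it) and host routes telling the
    # kernel which NIC each station sits behind; src pins the address C uses.
    run ip addr add "$C_IP/32" dev lo
    run ip route add "$A_IP/32" dev "$A_IF" src "$C_IP"
    run ip route add "$B_IP/32" dev "$B_IF" src "$C_IP"

    # DNAT: A's connections to B:$PORT are delivered to the proxy on C instead.
    run iptables -t nat -A PREROUTING -i "$A_IF" -s "$A_IP" -d "$B_IP" \
        -p tcp --dport "$PORT" -j DNAT --to-destination "$C_IP:$PROXY_PORT"

    # SNAT: the proxy's onward connection to B is rewritten to come from A.
    # Conntrack reverses both translations on the reply packets.
    run iptables -t nat -A POSTROUTING -o "$B_IF" -s "$C_IP" -d "$B_IP" \
        -p tcp --dport "$PORT" -j SNAT --to-source "$A_IP"
}

# Undo everything setup_intercept added.
teardown_intercept() {
    run iptables -t nat -F PREROUTING
    run iptables -t nat -F POSTROUTING
    run ip route del "$B_IP/32" dev "$B_IF"
    run ip route del "$A_IP/32" dev "$A_IF"
    run ip addr del "$C_IP/32" dev lo
}

case "${1:-plan}" in
    plan)  DRY_RUN=1; setup_intercept ;;   # default: print the commands only
    apply) setup_intercept ;;              # execute for real (needs root)
    undo)  teardown_intercept ;;
esac
```

Traffic on ports you do not DNAT is simply forwarded through C by the proxy ARP setup, so the same host can intercept one flow while passing the rest untouched; adding further PREROUTING rules (UDP included) extends the interception to more ports.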