
#1 2009-09-13 12:15:54

BombStrike
Member
Registered: 2008-10-22
Posts: 6

Selective port routing

Hello,

I'd like your help with the following.
At work our main router only allows ports 22, 80, 443 and ICQ+MSN out. I'd like to automatically redirect every other ip:port (where ip is not on the local subnet) from my computer through an SSH tunnel to a dedicated server of mine, so that it looks like this setup:

+----------+   Port 22, 80, 443    +----------+    80, 443
|          |  >----------------->  |          |  >---------->  INTERNET
|  CLIENT  |   Other ports         |  ROUTER  |    22
|          |  >-------------+      |          |  >-----+       +-------------+
+----------+                |      +----------+        |       |             |    Redispatch to correct ip:port
        |  Through port 22  |                          +---->  |  DEDICATED  |  >-------------------------------->  INTERNET
        +-------------------+
                                                               +-------------+

I think iptables would be a minimum (using OUTPUT rules?), but how could I do that in the most transparent way? (Not all software supports proxy configuration.)
If you have a better idea for what I'm trying to do, feel free to comment too.

Thank you


#2 2009-09-13 16:39:56

Mardoct
Member
Registered: 2009-08-17
Posts: 208

Re: Selective port routing

If you have nodes trying to connect to services through the wrong ports, a less 'sloppy' fix would be to make them use the correct ports. Edit their hosts files to make them use the correct ones. More efficient, as it cuts the need for more infrastructure.


The human being created civilization not because of willingness but of a need to be assimilated into higher orders of structure and meaning.


#3 2009-09-14 00:11:59

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,217
Website

Re: Selective port routing

I'm not sure how this will work, since the SSH Tunnel is a SOCKS proxy, not just a route.

# Locally generated traffic traverses nat/OUTPUT (PREROUTING never sees the client's own packets);
# -A keeps the rules in this order (with -I each rule lands on top, so the REDIRECT would match first).
iptables -t nat -A OUTPUT -o lo -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 22 -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t nat -A OUTPUT -p tcp --dport 443 -j ACCEPT
<repeat above rule for each port (and for the local subnet, with -d <lan>/<prefix>) we don't want to send down the SSH tunnel>
iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-ports <ssh-tunnel-port>

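The catch fukawi2 points at is the whole problem: a REDIRECT rule rewrites the destination to a local port, but `ssh -D` on that port expects a SOCKS5 handshake that names the real destination, so raw redirected connections just get dropped. What has to sit on the `--to-ports` port is a small transparent proxy that recovers the original ip:port from the kernel (the `SO_ORIGINAL_DST` socket option, set by the nat table), negotiates a SOCKS5 CONNECT to that address through the SSH tunnel, and then relays bytes. The following shim is an added example written for this thread, not code from the thread or from any of the projects it mentions. It assumes Linux, IPv4, a hypothetical shim port 12345 (the value used in `--to-ports`) and `ssh -D 1080 user@dedicated` listening on 127.0.0.1:1080; the nat/OUTPUT rules must exempt port 22 and loopback or the tunnel itself gets redirected into the shim.

```python
#!/usr/bin/env python3
"""Transparent shim between `iptables -t nat ... -j REDIRECT --to-ports 12345` and `ssh -D 1080`.

Flow per redirected connection:
  1. accept on 127.0.0.1:12345 (REDIRECT maps locally generated packets to 127.0.0.1)
  2. getsockopt(SOL_IP, SO_ORIGINAL_DST) -> the ip:port the application really asked for
  3. SOCKS5 greeting + CONNECT to that ip:port through ssh -D
  4. relay bytes both ways, propagating half-closes
Assumed values (not from the thread): SHIM_PORT=12345, SOCKS_ADDR=127.0.0.1:1080.
"""
import socket
import struct
import sys
import threading

SO_ORIGINAL_DST = 80                # from linux/netfilter_ipv4.h; not exported by the socket module
SHIM_PORT = 12345                   # assumed: the --to-ports value of the REDIRECT rule
SOCKS_ADDR = ("127.0.0.1", 1080)    # assumed: where `ssh -D 1080` listens


def parse_original_dst(raw):
    """Decode the struct sockaddr_in returned by SO_ORIGINAL_DST.

    sin_family is in host byte order; sin_port and sin_addr are in network byte order.
    """
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    family = struct.unpack_from("=H", raw, 0)[0]
    if family != socket.AF_INET:
        raise ValueError("not AF_INET: %d" % family)
    port = struct.unpack_from("!H", raw, 2)[0]
    return socket.inet_ntoa(raw[4:8]), port


def socks5_connect_request(ip, port):
    """SOCKS5 CONNECT (RFC 1928): VER=5 CMD=1 RSV=0 ATYP=1 (IPv4) DST.ADDR DST.PORT."""
    return b"\x05\x01\x00\x01" + socket.inet_aton(ip) + struct.pack("!H", port)


def socks5_reply_ok(head):
    """True if the 4-byte SOCKS5 reply header (VER REP RSV ATYP) reports success (REP == 0)."""
    return len(head) >= 2 and head[0] == 5 and head[1] == 0


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during SOCKS handshake")
        buf += chunk
    return buf


def open_via_socks(ip, port):
    """Connect to ssh -D and negotiate a CONNECT to ip:port; returns the proxied socket."""
    s = socket.create_connection(SOCKS_ADDR)
    try:
        s.sendall(b"\x05\x01\x00")                  # greeting: version 5, one method, "no auth"
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("SOCKS5 greeting rejected")
        s.sendall(socks5_connect_request(ip, port))
        head = recv_exact(s, 4)
        if not socks5_reply_ok(head):
            raise ConnectionError("SOCKS5 CONNECT to %s:%d failed, REP=%d" % (ip, port, head[1]))
        atyp = head[3]                              # drain BND.ADDR/BND.PORT; length depends on ATYP
        if atyp == 1:
            recv_exact(s, 4 + 2)
        elif atyp == 3:
            recv_exact(s, recv_exact(s, 1)[0] + 2)
        elif atyp == 4:
            recv_exact(s, 16 + 2)
        else:
            raise ConnectionError("bad ATYP %d" % atyp)
    except Exception:
        s.close()
        raise
    return s


def pump(src, dst):
    """Copy src -> dst until EOF, then half-close dst so the other direction can finish."""
    try:
        while True:
            data = src.recv(65536)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def handle(client):
    ip, port = parse_original_dst(client.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))
    try:
        upstream = open_via_socks(ip, port)
    except OSError as e:
        print("%s:%d: %s" % (ip, port, e), file=sys.stderr)
        client.close()
        return
    t = threading.Thread(target=pump, args=(client, upstream), daemon=True)
    t.start()
    pump(upstream, client)
    t.join()
    client.close()
    upstream.close()


def serve():
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ls.bind(("127.0.0.1", SHIM_PORT))   # loopback only: nothing but the REDIRECT should reach it
    ls.listen(128)
    while True:
        conn, _ = ls.accept()
        threading.Thread(target=handle, args=(conn,), daemon=True).start()


if __name__ == "__main__":
    serve()
```

Run `ssh -N -D 1080 user@dedicated`, start the shim, then load the nat/OUTPUT rules with `--to-ports 12345`. Because only TCP is redirected, DNS (UDP 53) still goes out the office router, so name resolution is visible and can fail if the router blocks it; sshuttle and redsocks are existing tools that do the same SO_ORIGINAL_DST-plus-SOCKS trick with more polish, and sshuttle also forwards DNS.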


Powered by FluxBB