Darren Reed wrote:


> I don't consider the "???" to be a bug.  In a way, it is an indication
> of entries created this way vs normal.


Oh heh, this I did not know. Having not seen "???" before I just assumed it was broken.

Of course, I still don't actually have much joy:

# telnet 210.172.133.140 7100
Escape character is '^]'.
local IP# to use: 210.172.133.140
local port# to use: 45965
in   IP is: 210.172.133.140
out  IP is: 210.my.ext.IP
real IP is: 210.172.133.140
remote end for connection: 210.172.133.140,7100
OK Hello 210.172.133.140:45965 - you are connected to 210.172.133.140:7100
Connection closed by foreign host.

# ipnat -l
??? 210.172.133.140 45965 <- -> 210.my.ext.IP 65155 [210.172.133.140 7100]
RDR 210.172.133.140 1     <- -> 210.172.133.140 7100  [210.my.ext.IP 65155]

All the ports and IPs seem to match up correctly to me, and it should work. But I still do not get the original external IP "210.my.ext.IP" in getpeername().


To recap:

210.my.ext.IP -> 210.172.133.140:7100 -> RDR to port 1 -> inetd spawning proxy -> connects to listening socket on port 7100 that prints getpeername().

Part two:

I thought perhaps it had something to do with Solaris and not working with loopback, and ideally, I really want it to connect to a whole other server, like:


:  Internet    : ipfilter server ext  & int iface       : Internal Server
:              :   e1000g0                e1000g1
210.my.ext.IP -> 210.172.133.140:7100 & 172.20.11.254  -> 172.20.11.5:7100
                                 proxy.c


Since proxy.c assumes it should connect to its own host, I add the lines:

        nlp->nl_realip.s_addr=inet_addr("172.20.11.5");
        nlp->nl_realport=ntohs(7100);

near the start of function "do_nat_out()".

# ipnat -l
rdr e1000g0 0.0.0.0/0 port 7100 -> 210.172.133.140 port 1 tcp

inetd.conf
tcpmux          stream  tcp     nowait root /usr/local/bin/proxy proxy e1000g1


[EMAIL PROTECTED](/home/lundman)  telnet 210.172.133.140 7100
Escape character is '^]'.
local IP# to use: 172.20.11.254
local port# to use: 47406
in   IP is: 210.172.133.140
out  IP is: 210.my.ext.IP
real IP is: 172.20.11.5
remote end for connection: 172.20.11.5,7100
OK Hello 172.20.11.254:47406 - you are connected to 172.20.11.5:7100
Connection closed by foreign host.

# ipnat -l
??? 172.20.11.254   47406 <- -> 210.my.ext.IP 65129 [172.20.11.5 7100]
RDR 210.172.133.140 1     <- -> 210.172.133.140 7100  [210.my.ext.IP 65129]


Sanity check, remove RDR rule and replace with direct RDR:
rdr e1000g0 0.0.0.0/0 port 7100 -> 172.20.11.5 port 7100 tcp
OK Hello 210.my.ext.IP:46428 - you are connected to 172.20.11.5:7100



This is starting to drag out, and be noisy so I am probably starting to annoy people. Time to give up?

Lund

--
Jorgen Lundman       | <[EMAIL PROTECTED]>
Unix Administrator   | +81 (0)3 -5456-2687 ext 1017 (work)
Shibuya-ku, Tokyo    | +81 (0)90-5578-8500          (cell)
Japan                | +81 (0)3 -3375-1767          (home)
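As an added diagnostic (not code from the mail or from the ipfilter project), the following Python parses the two `ipnat -l` lines quoted in the first part of the mail and pairs the RDR session with the proxy-created `???` mapping, checking that the address presented to the real server is the original client and that the service port is preserved. The sample lines are copied from the mail with the placeholder `210.my.ext.IP` kept as written; the mismatch case in the usage is constructed.

```python
import re

# Sample copied from the mail's `ipnat -l` output (placeholder address kept as-is).
SAMPLE = """\
??? 210.172.133.140 45965 <- -> 210.my.ext.IP 65155 [210.172.133.140 7100]
RDR 210.172.133.140 1     <- -> 210.172.133.140 7100  [210.my.ext.IP 65155]
"""

# ipnat -l session line: KIND inside_ip inside_port <- -> outside_ip outside_port [peer_ip peer_port]
LINE_RE = re.compile(
    r"^(?P<kind>\S+)\s+(?P<in_ip>\S+)\s+(?P<in_port>\d+)\s+<-\s+->\s+"
    r"(?P<out_ip>\S+)\s+(?P<out_port>\d+)\s+\[(?P<peer_ip>\S+)\s+(?P<peer_port>\d+)\]"
)


def parse_ipnat(text):
    """Return one dict per parsable session line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        for key in ("in_port", "out_port", "peer_port"):
            e[key] = int(e[key])
        entries.append(e)
    return entries


def check_proxy_chain(entries):
    """Pair each RDR session (peer = original client) with a proxy-created
    '???' mapping whose outside address is that same client, i.e. the address
    the real server should see. Returns a list of findings; empty means the
    two NAT entries are consistent with each other."""
    findings = []
    proxies = [e for e in entries if e["kind"] == "???"]
    for rdr in (e for e in entries if e["kind"] == "RDR"):
        client = (rdr["peer_ip"], rdr["peer_port"])
        paired = [p for p in proxies if (p["out_ip"], p["out_port"]) == client]
        if not paired:
            findings.append("no '???' mapping presents client %s:%d" % client)
            continue
        for p in paired:
            # The real server must be reached on the port the RDR redirected.
            if p["peer_port"] != rdr["out_port"]:
                findings.append("proxy targets port %d, RDR redirected port %d"
                                % (p["peer_port"], rdr["out_port"]))
    return findings


if __name__ == "__main__":
    for finding in check_proxy_chain(parse_ipnat(SAMPLE)) or ["mappings consistent"]:
        print(finding)
```

An empty result only says the two NAT entries agree with each other, which is what the mail concludes by hand; it does not tell where in the chain getpeername() is reached before translation.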