TCP Routing/IPTABLES question.

+------------------------------------------------------------------------------------+
| Machine A
| Linux Fedora (Administrative Control) (IPTABLES)
+------------------------------------------------------------------------------------+
| Kernel IP routing table
| Destination     Gateway          Genmask          Flags MSS Window irtt Iface
| 219.78.18.0     0.0.0.0          255.255.255.192  U     0   0      0    eth1
| 192.168.100.0   0.0.0.0          255.255.255.0    U     0   0      0    eth0
| 192.168.101.0   192.168.100.202  255.255.255.0    UG    0   0      0    eth0
| 116.34.0.0      192.168.100.203  255.255.0.0      UG    0   0      0    eth0
| 0.0.0.0         219.78.18.1      0.0.0.0          UG    0   0      0    eth1
+------------------------------------------------------------------------------------+

Machine A has an external internet address on 219.78.18.1. It also has one end of a Cisco VPN on 192.168.100.203.

+------------------------------------------------------------------------------------+
| Machine B
| RS/6000 AIX 5 (No Admin control)
+------------------------------------------------------------------------------------+
| Routing tables
| Destination     Gateway          Flags Refs Use If   PMTU Exp Groups
| default         116.34.33.254    UGc   0    0   en0  -    -
+------------------------------------------------------------------------------------+

Machine B is a black box but has the other end of the Cisco VPN somewhere on the 116.34 network.

I can ssh from Machine A to various machines on Network B (the 116.34 network). This all works as intended.

We now need to bring another network into the equation.

+------------------------------------------------------------------------------------+
| Machine C
| Linux Fedora (Administrative Control) (IPTABLES)
+------------------------------------------------------------------------------------+
| Kernel IP routing table
| Destination     Gateway          Genmask          Flags MSS Window irtt Iface
| 10.64.1.0       0.0.0.0          255.255.255.0    U     0   0      0    eth0
| 28.43.27.0      0.0.0.0          255.255.248.0    U     0   0      0    eth1
| 0.0.0.0         28.43.27.1       0.0.0.0          UG    0   0      0    eth1
+------------------------------------------------------------------------------------+

This Machine has an external internet address on 28.43.27.1.

There are various NATted PCs hiding behind this machine.

And now for the question. Is it possible with a combination of routing/iptables to allow Machine C to ssh directly to Machine B using Machine A as a gateway, WITHOUT making any changes on Machine B (and preferably not having to change the config of the Cisco)? It would also be even better if the NATted PCs hiding behind Network C could also connect directly to machines on Network B. (I think I can work that bit out for myself (but help would probably save me loadsa time) ;-) )

I was thinking that I could do the following.

On Machine C, define a route to 116.34.0.0 with a gateway of 219.78.18.1. On Machine 219.78.18.1 (Machine A), define an IPTABLES forward rule to NAT and forward traffic from 28.43.27.1 destined for 116.34.0.0 to the Cisco kit at 192.168.100.203.

Only problem is my routing/IPTABLES knowledge isn't strong enough to come up with the necessary commands.

Can anyone help me with the necessary commands and/or tell me I'm an idiot and it can't be done.

Regards

Steve Weet

P.S. IP addresses changed to protect the innocent !
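The route and iptables commands for the plan Steve sketches, as an added example (not his own commands, nor a reply from the thread). It assumes the interface names shown in Machine A's routing table, that Machine C can reach 219.78.18.1 as a directly connected next hop, and that only ssh (tcp/22) needs to be forwarded:

```shell
#!/bin/sh
# Added example, not from the original post: the plan described in the question.
# Machine C sends traffic for network B (116.34/16) to Machine A; Machine A forwards it
# to the Cisco VPN endpoint and source-NATs it so the VPN side sees a 192.168.100.x peer
# (as the working A-to-B sessions do) and replies return through A. Assumed, not stated
# in the post: the interface names from A's routing table, and ssh-only forwarding.
set -eu

NET_B="116.34.0.0/16"       # network behind the Cisco VPN (Machine B lives here)
MACHINE_A="219.78.18.1"     # Machine A as the next hop for C, per the post
MACHINE_C="28.43.27.1"      # Machine C's external address, per the post
A_INT_IF="eth0"             # A's interface toward the Cisco at 192.168.100.203

# Print the command when DRY_RUN=1, otherwise run it (needs root on the real box).
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Machine C: route network B toward Machine A. A static route's gateway must be
# directly reachable from C (same subnet, or a tunnel interface between C and A);
# that reachability is assumed here, since the post does not say how C reaches A.
machine_c_route() {
    run ip route add "$NET_B" via "$MACHINE_A"
}

# Machine A: forward C's ssh traffic for network B to the Cisco, NATting the source.
# A's route for 116.34.0.0/16 via 192.168.100.203 already exists (see its table).
machine_a_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # Narrow forwarding to C -> network B on tcp/22; replies ride the conntrack state.
    run iptables -A FORWARD -o "$A_INT_IF" -s "$MACHINE_C" -d "$NET_B" \
        -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
    run iptables -A FORWARD -i "$A_INT_IF" -s "$NET_B" -d "$MACHINE_C" \
        -m state --state ESTABLISHED -j ACCEPT
    # Rewrite the source to A's eth0 address so return traffic comes back to A.
    run iptables -t nat -A POSTROUTING -o "$A_INT_IF" -s "$MACHINE_C" -d "$NET_B" \
        -j MASQUERADE
}

case "${1:-}" in
    c) machine_c_route ;;   # run on Machine C
    a) machine_a_rules ;;   # run on Machine A
esac
```

Run it with `DRY_RUN=1` first to review the generated commands before applying them on either box.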
