Is there such thing as a simple "relay server"?

Hello!

I'm trying to figure out a way to set up what I'm calling a "relay server." What I'd like to do is get some kind of router that will forward all incoming packets from a pre-determined IP address to another external address. So basically, if I've got a computer (A) which I want to send data to computer (C), then instead of sending directly to (C) I want it to go through the router (B) by sending the packets directly to (B) which would in turn send them to (C). As far as (C) is concerned, the packets would appear as though they originated from the router (B). There is a program out there called "IP Relay Server" which does exactly what I want to do, except that it runs on a workstation (I'd like a hardware solution) and I don't think that the "IP Relay Server" program can be administered remotely. Does anyone have any possible solutions for what I'm trying to do? I've spent a LOT of time searching Google Groups and have found very little information on this. Please help, thanks! :)

Garrett Cook

g.cook.a

Sounds like you're talking about NAT, Network Address Translation.

Thrill5

Honestly sounds like a cross between NAT and policy-based routing. First, the only way you can implement this is by having this 'node' installed inline in the traffic, i.e. on the direct path. If it hit its gateway router (which let's say is this node), which NAT'ed, it would then send the traffic to the same destination, but with the router's closest interface, thus changing the source of the traffic. I think this is what you want to do, unless of course there is a different router you had in mind. Which in this case, you would need to set up policy-based routing on the gateway router, to forward this traffic to 'router b', which would then have the NAT statements. The problem is, what about other traffic to/from these subnets? Now you have an issue of one path being NAT'ed, and the other path not being NAT'ed, which could get ugly.

Trendkill

Policy routing would not be required as long as the router performing the NAT is in the path between the two. NAT is configured using an ACL in which you can specify that NAT is only performed between two specific hosts.

Thrill5

Thank you all for replying. I think what I'm trying to do may be more simple than how I tried to explain it before. Let's say I have a DSL internet connection at my house, that plugs straight into a router called "Router B". There are no connections leading out of this router, only a single ethernet cable plugged between it and the DSL modem (which of course plugs straight into the phone jack). Now, let's say that from a remote location I've got "Computer A", and from a different remote location I've got "Computer C". So if I send packets from Computer A to whatever IP Address Router B is at, then Router B would just relay those packets to Computer C. The same thing should happen if I send packets from Computer C to Router B, they would get relayed to Computer A and appear to have originated from Router B. If a packet comes from any address other than Computers A or C, then the router would not respond to it.

Does that help? I really don't know much at all about routers and subnets and everything. Is there an easy way to set up some kind of router this way? Thanks for assisting! :)

Garrett

g.cook.a

In short, no. You could use fxp'ing, which is just like an ftp, but you don't have to be a hop in the transfer, you can login to both sites, and send files back and forth presuming they allow this. Flashfxp is one tool that will do that.

The issue with what you are asking, is that you are asking router B to actually change the source and destination of the packet. Rather than A to B, you want that changed to B to C. The issue is, A is a PC, and B is a router. A is setting up a TCP session with the remote end for a web session or FTP session or whatever, so even if B could change the source and destination IPs, B most likely does not run the same OS, same services, and would also need to effectively set up a TCP session just like A which is nearly impossible given frame numbers and sequences, etc. I think the issue is you are only looking at this from one way, when you have to know that there is always return traffic and sessions need to be established for this to work. A relay server (not sure what one is, but understand the concept) would work, because it can receive the traffic, then have a rule set of what to do when that traffic arrives. If receive FTP session from A, kick one off to C with yourself as the source, and transfer same file received from A, to C. But these are servers that run the same services and can therefore have a ruleset and applications to 'mimic' each other.

If I'm off base in assessing your requirement, let me know.

Trendkill
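
The application-level relay described in the post above (accept the session from A, then open a separate session to C with the relay as its source), combined with the source restriction from Garrett's earlier post, as an added example that is not part of the thread. The function names, the `routes` table and the ports are assumptions, and it relays TCP over IPv4 only:

```python
import socket, threading

def pick_upstream(peer_ip, routes):
    """Rule set (hypothetical): allowed source IP -> (host, port) of its peer, else None."""
    return routes.get(peer_ip)

def _pump(src, dst):
    """Copy bytes one way until src closes, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def _handle(client, peer_ip, routes):
    with client:
        target = pick_upstream(peer_ip, routes)
        if target is None:
            return  # source not in the rule set: close without relaying
        try:
            # New TCP session owned by the relay, so the peer sees B as the source.
            upstream = socket.create_connection(target, timeout=5)
        except OSError:
            return
        with upstream:
            upstream.settimeout(None)
            back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            back.start()
            _pump(client, upstream)
            back.join()

def start_relay(listen_addr, routes):
    """Listen on listen_addr and relay per routes; returns the listening socket."""
    srv = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            try:
                client, (peer_ip, _port) = srv.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=_handle, args=(client, peer_ip, routes), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv
```

Because the rule set is keyed on the connecting address, a source that is not listed never causes an outbound connection, which keeps the listener from acting as an open relay.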

I think I see what you're saying; there is complexity in changing the source and destination IPs for every packet that passes through the router B. But it would seem like surely there is some kind of hardware device that would do just that. When I look at the configuration for the inexpensive wireless router I bought at Wal-mart, it allows me to set up port forwarding for addresses internal to the home network. I suppose what I'm looking for is something that would do the same thing but for an external address. Is any of the "professional" router hardware out there capable of doing this?

Garrett

g.cook.a

The issue is not changing the destination, it's changing the source, because TCP relies on a session being established between the two nodes. The router you are describing has a table of nodes sitting behind it (aka being NATed). When traffic comes in/out, that table is kept in sync so that traffic that comes in is routed to the correct node behind the router. But remember, the source and destination are still really the same (meaning, it's still a server/PC on the remote side, and a server/PC behind the router). Therefore, the router is really just helping the traffic find that destination, and the session is still set up between the two end nodes. What you are asking is for the router to kick off a session to a different network, and proxy PC A's session. Thereby, you aren't asking the router to redirect and instead of PC A setting up a session with PC B, it goes to PC C. What you are asking is a session from A to B, is then mirrored or proxied from B to C, which is where I am saying this is not possible on a piece of network hardware. Not only can a router not create new streams on its own, but it probably doesn't even run the application or service you are trying to proxy (HTTP, HTTPS, FTP, etc).

Trendkill

In order to figure out a solution here, let me ask a basic question. Why do you need to go through "Router B" for "Computer A" to talk to "Computer C"? That doesn't make any sense to me. Why can't they talk to each other directly if they are both connected to the internet?

Thrill5

The reason is that I may be traveling to a place where internet surveillance is high and the IP address information of Computer C might raise suspicions. There is nothing illegal or morally wrong with connecting to Computer C or the information, but I just don't want to receive any "bad publicity" while I'm over there.

Thanks,

g.cook.a

Remote desktop to a specific box, kick off your traffic from there. Use VNC instead of Microsoft so you can do file transfers, etc. Just my 2 cents.

Trendkill
