Hi all,
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
Both servers in this case are CentOS Linux, but I'm sure that won't make a big difference?
Rudi Ahlers sent a missive on 2010-04-28:
Hi all,
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
Both servers in this case are CentOS Linux, but I'm sure that won't make a big difference?
In principle yes you can do this type of thing. You'll have to enable ipforwarding on the gateway machine as a minimum.
Can you provide more information about your networking setup - ip addresses and subnet masks, with an ascii drawing as well would help if you think it relevant :-), then we can provide detailed answers :-)
Thanks
Simon.
On Wed, Apr 28, 2010 at 3:26 PM, Simon Billis simon@houxou.com wrote:
Rudi Ahlers sent a missive on 2010-04-28:
Hi all,
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
Both servers in this case are CentOS Linux, but I'm sure that won't make a big difference?
In principle yes you can do this type of thing. You'll have to enable ipforwarding on the gateway machine as a minimum.
Can you provide more information about your networking setup - ip addresses and subnet masks, with an ascii drawing as well would help if you think it relevant :-), then we can provide detailed answers :-)
Thanks
Simon.
Hi Simon,
Thanx for the help :)
The ADSL connected server currently runs on 196.210.176.x, and the internet connected server runs on 196.34.136.109
So, they're not on the same subnets, by a mile. In fact, the 2 servers are separated by about 30 km, but I can get into both via the internet.
Would ipforwarding still work, since I want to reroute all packets on eth0 of 196.34.136.109 in, and back out?
OpenVPN is a nice solution in my opinion
2010/4/28 Rudi Ahlers rudiahlers@gmail.com
On Wed, Apr 28, 2010 at 3:26 PM, Simon Billis simon@houxou.com wrote:
Rudi Ahlers sent a missive on 2010-04-28:
Hi all,
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
Both servers in this case are CentOS Linux, but I'm sure that won't make a big difference?
In principle yes you can do this type of thing. You'll have to enable ipforwarding on the gateway machine as a minimum.
Can you provide more information about your networking setup - ip addresses and subnet masks, with an ascii drawing as well would help if you think it relevant :-), then we can provide detailed answers :-)
Thanks
Simon.
Hi Simon,
Thanx for the help :)
The ADSL connected server currently runs on 196.210.176.x, and the internet connected server runs on 196.34.136.109
So, they're not on the same subnets, by a mile. In fact, the 2 servers are separated by about 30 km, but I can get into both via the internet.
Would ipforwarding still work, since I want to reroute all packets on eth0 of 196.34.136.109 in, and back out?
Simon Billis sent a missive on 2010-04-28:
Rudi Ahlers sent a missive on 2010-04-28:
Hi all,
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
Both servers in this case are CentOS Linux, but I'm sure that won't make a big difference?
In principle yes you can do this type of thing. You'll have to enable ipforwarding on the gateway machine as a minimum.
Can you provide more information about your networking setup - ip addresses and subnet masks, with an ascii drawing as well would help if you think it relevant :-), then we can provide detailed answers :-)
Thanks
Simon.
Sorry, misread your post - you can do what you're after, but this is a proxy in this case.... i.e. the remote box is acting as a proxy for your adsl connected server. If you're wanting to route all the traffic from your adsl connected box to the remote server, then I would look at using a VPN between the boxes.... you might be able to use squid on the remote server to be your proxy also.
S.
Rudi wrote:
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
<snip> I don't quite understand what you're asking. Do you mean <ADSL system><-><hosted system><->the 'Net or do you mean <the 'Net>-><hosted system>-><ADSL system> ? That is, are you trying to offer Web, FTP (BAD idea, use sftp or scp), and email from your ADSL-connected server, or do you want to connect to the 'Net via the hosted system?
mark
On Wed, Apr 28, 2010 at 3:49 PM, m.roth@5-cent.us wrote:
Rudi wrote:
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
<snip> I don't quite understand what you're asking. Do you mean <ADSL system><-><hosted system><->the 'Net or do you mean <the 'Net>-><hosted system>-><ADSL system> ? That is, are you trying to offer Web, FTP (BAD idea, use sftp or scp), and email from your ADSL-connected server, or do you want to connect to the 'Net via the hosted system?
mark
Mark,
We, in South Africa sit with a huge problem in that our clients can't connect to the rest of the world cause SEACOM is down. i.e. our clients can, for the past 3 days, only surf local (i.e. local in South Africa) websites, email, etc. We have a lot of clients' servers hosted in the USA, so they can't reach their websites or email and business is standing still for them.
So, I want to reroute all their traffic via one of our other servers which right now has got full internet access, as such:
<ADSL client> - <Limited internet> - <server> - <full internet>
I already set up squid for this and it works great, but doesn't proxy SMTP / POP3 / Skype / IM / RDP / etc etc. And I don't want to set up a proxy service for every service imaginable.
2010/4/28 Rudi Ahlers rudiahlers@gmail.com:
On Wed, Apr 28, 2010 at 3:49 PM, m.roth@5-cent.us wrote:
Rudi wrote:
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
<snip> I don't quite understand what you're asking. Do you mean <ADSL system><-><hosted system><->the 'Net or do you mean <the 'Net>-><hosted system>-><ADSL system> ? That is, are you trying to offer Web, FTP (BAD idea, use sftp or scp), and email from your ADSL-connected server, or do you want to connect to the 'Net via the hosted system?
mark
Mark,
We, in South Africa sit with a huge problem in that our clients can't connect to the rest of the world cause SEACOM is down. i.e. our clients can, for the past 3 days, only surf local (i.e. local in South Africa) websites, email, etc. We have a lot of clients' servers hosted in the USA, so they can't reach their websites or email and business is standing still for them.
So, I want to reroute all their traffic via one of our other servers which right now has got full internet access, as such:
<ADSL client> - <Limited internet> - <server> - <full internet>
I already set up squid for this and it works great, but doesn't proxy SMTP / POP3 / Skype / IM / RDP / etc etc. And I don't want to set up a proxy service for every service imaginable.
how about ipsec / openvpn tunnel and routing traffic via it?
-- Eero, RHCE
On Wed, Apr 28, 2010 at 3:59 PM, Eero Volotinen eero.volotinen@iki.fi wrote:
how about ipsec / openvpn tunnel and routing traffic via it?
-- Eero, RHCE
I don't know, since I've never set up one ;)
The tricky part, which I don't understand, is how this will work.
i.e. I SSH into ADSL client's machine, and set up the VPN. The VPN then connects to our linux server which now acts as gateway. How do I tell the client's linux server to route all traffic (apart from my SSH connection, otherwise I get cut off) via the VPN, and not via the same ADSL line on top of which the VPN runs?
Rudi,
Rudi wrote:
On Wed, Apr 28, 2010 at 3:49 PM, m.roth@5-cent.us wrote:
Rudi wrote:
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
<snip> I don't quite understand what you're asking. Do you mean <ADSL system><-><hosted system><->the 'Net or do you mean <the 'Net>-><hosted system>-><ADSL system> ? That is, are you trying to offer Web, FTP (BAD idea, use sftp or scp), and email from your ADSL-connected server, or do you want to connect to the 'Net via the hosted system?
We, in South Africa sit with a huge problem in that our clients can't connect to the rest of the world cause SEACOM is down. i.e. our clients can, for the past 3 days, only surf local (i.e. local in South Africa) websites, email, etc. We have a lot of clients' servers hosted in the USA, so they can't reach their websites or email and business is standing still for them.
So, I want to reroute all their traffic via one of our other servers which right now has got full internet access, as such:
<ADSL client> - <Limited internet> - <server> - <full internet>
<snip> AH! The light dawns! <g>
Sounds to me as though you need to have the clients use the hosted system as their gateway, as though they're on a subnet, and have to go through the hosted system as a firewall (not a bad idea in itself). They need to *not* look directly out.
Sounds like an iptables setup to route through the hosted system. Remember, if that works for you, that all the rules for blocking should happen *first* in /etc/sysconfig/iptables.
mark
On Wed, Apr 28, 2010 at 4:06 PM, m.roth@5-cent.us wrote:
AH! The light dawns! <g>
Sounds to me as though you need to have the clients use the hosted system as their gateway, as though they're on a subnet, and have to go through the hosted system as a firewall (not a bad idea in itself). They need to *not* look directly out.
Sounds like an iptables setup to route through the hosted system. Remember, if that works for you, that all the rules for blocking should happen *first* in /etc/sysconfig/iptables.
mark
Hi Mark,
That's right :)
But, I don't know how to do this, or what to do....... And I don't know what to look for on the internet to help me with this either.
What makes it different than what I've set up before is that it's not really a LAN anymore, so I can't just tell the ADSL connected server to use the hosted server as gateway, I don't think that'll work.
Rudi,
Rudi wrote:
On Wed, Apr 28, 2010 at 4:06 PM, m.roth@5-cent.us wrote:
AH! The light dawns! <g>
Sounds to me as though you need to have the clients use the hosted system as their gateway, as though they're on a subnet, and have to go through the hosted system as a firewall (not a bad idea in itself). They need to *not* look directly out.
Sounds like an iptables setup to route through the hosted system. Remember, if that works for you, that all the rules for blocking should happen *first* in /etc/sysconfig/iptables.
That's right :)
But, I don't know how to do this, or what to do....... And I don't know what to look for on the internet to help me with this either.
*sigh* I was just thinking about this, and I think the answer is
$ route add -net 0.0.0.0 gw <hosted IP> eth0
What makes it different than what I've set up before is that it's not really a LAN anymore, so I can't just tell the ADSL connected server to use the hosted server as gateway, I don't think that'll work.
What's not really a LAN anymore - does the ADSL server have people using that as a gateway?
mark
On Wed, Apr 28, 2010 at 4:32 PM, m.roth@5-cent.us wrote:
Rudi,
Rudi wrote:
On Wed, Apr 28, 2010 at 4:06 PM, m.roth@5-cent.us wrote:
AH! The light dawns! <g>
Sounds to me as though you need to have the clients use the hosted system as their gateway, as though they're on a subnet, and have to go through the hosted system as a firewall (not a bad idea in itself). They need to *not* look directly out.
Sounds like an iptables setup to route through the hosted system. Remember, if that works for you, that all the rules for blocking should happen *first* in /etc/sysconfig/iptables.
That's right :)
But, I don't know how to do this, or what to do....... And I don't know what to look for on the internet to help me with this either.
*sigh* I was just thinking about this, and I think the answer is
$ route add -net 0.0.0.0 gw <hosted IP> eth0
ok, let's try ? this tells it to route all traffic, including my SSH connection to the gateway, right. But, what do I need to do on the gateway, since the gateway will route incoming & outgoing traffic over the same interface, eth0
What makes it different than what I've set up before is that it's not really a LAN anymore, so I can't just tell the ADSL connected server to use the hosted server as gateway, I don't think that'll work.
What's not really a LAN anymore - does the ADSL server have people using that as a gateway?
Yes, in this case there are 5 PCs behind the Linux gateway
mark
On Wed, Apr 28, 2010 at 6:55 AM, Rudi Ahlers rudiahlers@gmail.com wrote:
Mark,
We, in South Africa sit with a huge problem in that our clients can't connect to the rest of the world cause SEACOM is down. i.e. our clients can, for the past 3 days, only surf local (i.e. local in South Africa) websites, email, etc.
So, I want to reroute all their traffic via one of our other servers
<ADSL client> - <Limited internet> - <server> - <full internet>
I'm rather rusty on the details of this, but isn't the correct way to handle this to have <server> publish an ARP route indicating that it provides routing to (the IP space containing) <ADSL client>?
Any mere proxy or VPN hosted at <server> will allow <ADSL client> to transparently establish connections, but won't allow <full internet> to reach the IP address of <ADSL client> (nor anything else in <Limited internet>). Maybe that's not needed here.
On Wed, Apr 28, 2010 at 4:36 PM, Bart Schaefer barton.schaefer@gmail.com wrote:
On Wed, Apr 28, 2010 at 6:55 AM, Rudi Ahlers rudiahlers@gmail.com wrote:
Mark,
We, in South Africa sit with a huge problem in that our clients can't connect to the rest of the world cause SEACOM is down. i.e. our clients can, for the past 3 days, only surf local (i.e. local in South Africa) websites, email, etc.
So, I want to reroute all their traffic via one of our other servers
<ADSL client> - <Limited internet> - <server> - <full internet>
I'm rather rusty on the details of this, but isn't the correct way to handle this to have <server> publish an ARP route indicating that it provides routing to (the IP space containing) <ADSL client>?
Any mere proxy or VPN hosted at <server> will allow <ADSL client> to transparently establish connections, but won't allow <full internet> to reach the IP address of <ADSL client> (nor anything else in <Limited internet>). Maybe that's not needed here.
I don't know either.......
And I haven't been able to install openvpn on the ADSL hosted server either, so I want to try a gateway type setup
Rudi Ahlers sent a missive on 2010-04-28:
And I haven't been able to install openvpn on the ADSL hosted server either, so I want to try a gateway type setup
Having given this some thought I think that you would do better to provide proxy services on a case by case basis.
Attempting to route traffic using a default gateway I don't think is going to work... the "next hop" is not on a local subnet so I don't think this is going to work (I might be wrong about this).
You could have a vpn between the machines - the ADSL gateway machine has a VPN to the IS machine and all traffic from and to the ADSL machine/NAT network behind it is routed over the VPN. This does work and is fairly easy to set-up if you have access to the ADSL machine.
If you can't set this up then I think that you should concentrate on providing proxy services for essential services i.e. http, smtp, pop3, imap, ftp (if needed). Squid will do some, you can then use a mail server of your choice to provide smtp relay services, I think that there is a pop3/imap proxy out there also (I've never used one though). For such services the adsl gateway machine can then do DNAT on the outbound packet (using iptables prerouting table) and then the proxied service will then do its thing (hopefully).
By far the best solution requiring little effort is a vpn (imho).
Rgds
Simon.
On 04/28/2010 02:11 PM, Rudi Ahlers wrote:
Hi all,
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
all you need is 'man ip'. Set up the right gateways on each machine, set up your ip policy into the right rules, route the rules from / to wherever you want.
- KB
From: Rudi Ahlers rudiahlers@gmail.com
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access? i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
Maybe you want to have a look at: http://lartc.org/howto/
JD
On Wed, Apr 28, 2010 at 4:31 PM, John Doe jdmls@yahoo.com wrote:
From: Rudi Ahlers rudiahlers@gmail.com
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access? i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
Maybe you want to have a look at: http://lartc.org/howto/
JD
Thanx JD. I can't load the site though, what is on it?
Rudi Ahlers sent a missive on 2010-04-28:
On Wed, Apr 28, 2010 at 4:31 PM, John Doe jdmls@yahoo.com wrote:
From: Rudi Ahlers rudiahlers@gmail.com
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access? i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
Maybe you want to have a look at: http://lartc.org/howto/
JD
Thanx JD. I can't load the site though, what is on it?
It's the Linux Advanced Routing & Traffic Control HOWTO
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Rudi Ahlers
Sent: Wednesday, 28 April 2010 11:11 PM
To: CentOS mailing list
Subject: [CentOS] how to reroute all ADSL traffic via another server on the internet?
Hi all,
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
Both servers in this case are CentOS Linux, but I'm sure that won't make a big difference?
You could use GRE tunnelling, which is supported by Linux and Cisco among others.
You could set up a GRE tunnel between your two sites, assign a /30 for the link, and route most traffic over the GRE interface (Minus the IP Address of your remote site - it must be routed via your internet connection).
This will behave as a point-to-point link between your sites.
Check out the ip(8) command, in particular the ip tunnel commands.
But, something like this should be a nice start:
ip tunnel add Tunnel0 mode gre remote 1.2.3.4
ifconfig Tunnel0 10.10.10.1 netmask 255.255.255.252
ip route add 1.2.3.4/32 via 6.7.8.9
Cheers,
Dan
Dan Irwin wrote:
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Rudi Ahlers
Sent: Wednesday, 28 April 2010 11:11 PM
To: CentOS mailing list
Subject: [CentOS] how to reroute all ADSL traffic via another server on the internet?
Hi all,
Does anyone know, if it's possible to reroute all (i.e. HTTP / FTP / DNS / SMTP / POP3 / IMAP / etc) from an ADSL connected machine via another server, which is currently hosted with IS and has full internet access?
i.e. Can I set up another machine, on a different public IP than the dynamic ADSL IP as default gw? OR do I need to do something on that machine to work as a router for such a setup?
Both servers in this case are CentOS Linux, but I'm sure that won't make a big difference?
You could use GRE tunnelling, which is supported by Linux and Cisco among others.
You could set up a GRE tunnel between your two sites, assign a /30 for the link, and route most traffic over the GRE interface (Minus the IP Address of your remote site - it must be routed via your internet connection).
This will behave as a point-to-point link between your sites.
Check out the ip(8) command, in particular the ip tunnel commands.
But, something like this should be a nice start:
ip tunnel add Tunnel0 mode gre remote 1.2.3.4
ifconfig Tunnel0 10.10.10.1 netmask 255.255.255.252
ip route add 1.2.3.4/32 via 6.7.8.9
That could work approximately the same as a VPN - but you'll probably also have to source-NAT as you route on to internet destinations so the return packets will follow the same path back.
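
Added example, not part of any post in this thread: a dry-run script that prints the commands for both ends of the GRE tunnel suggested above, including the source NAT from the last reply and the host routes that keep the tunnel endpoint and the admin's SSH session on the ADSL link. Every address is a constructed placeholder; `ADSL_GW`, `ADMIN_IP` and `LAN_NET` are assumptions, and the script assumes the ADSL box holds its public address itself and that the address is known when the tunnel is created.

```sh
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints the commands.
# All addresses are constructed placeholders; override them via the environment.
HOSTED_PUB=${HOSTED_PUB:-203.0.113.10}  # hosted server's public IP
ADSL_PUB=${ADSL_PUB:-198.51.100.20}     # ADSL box's current public IP
ADSL_GW=${ADSL_GW:-198.51.100.1}        # ADSL box's existing next hop (assumption)
ADMIN_IP=${ADMIN_IP:-192.0.2.50}        # source of the admin's SSH session (assumption)
LAN_NET=${LAN_NET:-192.168.0.0/24}      # PCs behind the ADSL box (assumption)
TUN_ADSL=10.10.10.1                     # /30 link, same range as the post above
TUN_HOSTED=10.10.10.2

valid_ip4() {   # dotted quad, each octet 0..255
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

check_inputs() {
    for ip in "$HOSTED_PUB" "$ADSL_PUB" "$ADSL_GW" "$ADMIN_IP"; do
        valid_ip4 "$ip" || { echo "bad IPv4 address: $ip" >&2; return 1; }
    done
}

# ADSL box. Order matters: both /32 host routes are added before the default
# route moves, otherwise the GRE packets themselves (and the admin's SSH
# session) would be routed into the tunnel and the box becomes unreachable.
adsl_plan() {
    check_inputs || return 1
    cat <<EOF
ip tunnel add Tunnel0 mode gre remote $HOSTED_PUB local $ADSL_PUB ttl 255
ip addr add $TUN_ADSL/30 dev Tunnel0
ip link set Tunnel0 up
ip route add $HOSTED_PUB/32 via $ADSL_GW
ip route add $ADMIN_IP/32 via $ADSL_GW
sysctl -w net.ipv4.ip_forward=1
ip route replace default via $TUN_HOSTED dev Tunnel0
EOF
}

# Hosted server. GRE is unauthenticated and unencrypted, so accept it only from
# the peer; forward tunnel traffic out, allow only replies back in, and
# source-NAT so return packets come back to this box.
hosted_plan() {
    check_inputs || return 1
    cat <<EOF
iptables -I INPUT 1 -p gre -s $ADSL_PUB -j ACCEPT
iptables -I INPUT 2 -p gre -j DROP
ip tunnel add Tunnel0 mode gre remote $ADSL_PUB local $HOSTED_PUB ttl 255
ip addr add $TUN_HOSTED/30 dev Tunnel0
ip link set Tunnel0 up
ip route add $LAN_NET via $TUN_ADSL dev Tunnel0
sysctl -w net.ipv4.ip_forward=1
iptables -I FORWARD 1 -i Tunnel0 -o eth0 -j ACCEPT
iptables -I FORWARD 2 -i eth0 -o Tunnel0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -i eth0 -o Tunnel0 -j DROP
iptables -t nat -A POSTROUTING -o eth0 -s $TUN_ADSL/32 -j SNAT --to-source $HOSTED_PUB
iptables -t nat -A POSTROUTING -o eth0 -s $LAN_NET -j SNAT --to-source $HOSTED_PUB
EOF
}

# Print both plans, or run one as root with APPLY=1 ROLE=adsl|hosted.
case "${APPLY:-0}:${ROLE:-}" in
    1:adsl)   adsl_plan   | sh -e ;;
    1:hosted) hosted_plan | sh -e ;;
    *) echo "# ADSL box:";      adsl_plan
       echo "# hosted server:"; hosted_plan ;;
esac
```

Because GRE provides no confidentiality, traffic that needs protection in transit still calls for the IPsec or OpenVPN tunnel proposed earlier in the thread.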