[TriLUG] IP Address spoofing

Igor Partola igor at igorpartola.com
Fri Jan 27 11:51:02 EST 2012


Wow. Thanks everyone for the replies. Here are some details:

>> It sounds like the problem is that each device should report to a
>> specific server? Why not just make the devices themselves configurable?

We have *a lot* of devices. Most of them have the ability to remotely
update both their configuration and the code, but some do not (they've lost
it over time). On top of that they are *typically* configured to talk to
AGENCY.transloc.com, even though that may no longer be the actual server
that they should send data to. Thus we'd like the ability to keep a port
open on AGENCY.transloc.com, even if we can have the devices talk directly
to our tracking servers.

The long term plan is to have a single domain that the devices talk to, to
eliminate these types of problems in the future.

>> I'm pretty confident that socat is the tool you need.

Yes, that is what we are using currently. The problem with it is that
(unless I am misunderstanding the man page) it uses a process per
"connection", which with UDP translates to a process per IP address/port
combination that the device used (IPv6 cannot come soon enough; devices
keep switching their IP addresses every 5 minutes or so). It also doesn't
seem to have a whole lot of daemon-like behavior implemented: it does not
background itself, write PID files, or (sometimes) cull the orphaned child
processes. For example, just now I restarted it, killing almost 10k
unculled processes, which is not sustainable. The command I run it with
is:

socat UDP4-LISTEN:PORT,bind=HOST-A,fork,reuseaddr UDP4:HOST-B:PORT

What I am trying to figure out is something that would be a bit more
stable. The amount of traffic here certainly does not warrant any more than
one process for all the ports that we listen on.

Once again, thanks everyone for all the great advice and attention.

Sincerely,
Igor
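A single-process UDP relay of the kind asked for above, added here as an example; it is not code from the original post, from socat, or from TransLoc. It keeps several local ports open in one selectors loop, forwards each datagram to a per-port backend, returns backend replies to the device that sent the request, and reaps idle device flows instead of leaving orphans behind. The listener and backend addresses, the idle timeout and the flow cap are hypothetical placeholders.

```python
#!/usr/bin/env python3
"""Single-process UDP relay: one select() loop for every listening port.

Added example, not code from the original post. Listener addresses,
backend addresses and limits below are hypothetical.
"""
import selectors
import socket
import time

# Hypothetical config: each local (host, port) to keep open -> backend to relay to.
LISTENERS = {
    ("127.0.0.1", 5001): ("127.0.0.1", 6001),
    ("127.0.0.1", 5002): ("127.0.0.1", 6002),
}
IDLE_TIMEOUT = 300.0   # seconds; devices move address every few minutes
MAX_FLOWS = 10000      # hard cap so a flood of source ports cannot exhaust fds
BUF = 65535


class FlowTable:
    """Maps (listener, device address) -> per-flow value, expiring idle entries.

    The clock is injectable so the expiry logic can be tested without sleeping.
    """

    def __init__(self, idle_timeout=IDLE_TIMEOUT, max_flows=MAX_FLOWS,
                 clock=time.monotonic):
        self.idle_timeout = idle_timeout
        self.max_flows = max_flows
        self.clock = clock
        self.flows = {}  # key -> [last_seen, value]

    def touch(self, key, make_value):
        """Return the value for key, creating it via make_value() if new.

        Returns None when the table is full and nothing is idle: the caller
        drops the datagram rather than growing without bound.
        """
        now = self.clock()
        entry = self.flows.get(key)
        if entry is not None:
            entry[0] = now
            return entry[1]
        if len(self.flows) >= self.max_flows:
            self.expire(now)                  # try to make room first
            if len(self.flows) >= self.max_flows:
                return None
        value = make_value()
        self.flows[key] = [now, value]
        return value

    def expire(self, now=None):
        """Drop entries idle longer than idle_timeout; return their values."""
        if now is None:
            now = self.clock()
        dead = [k for k, (seen, _) in self.flows.items()
                if now - seen > self.idle_timeout]
        return [self.flows.pop(k)[1] for k in dead]

    def __len__(self):
        return len(self.flows)


class UdpRelay:
    """Forwards datagrams device -> backend and backend replies -> device."""

    def __init__(self, listeners, idle_timeout=IDLE_TIMEOUT, max_flows=MAX_FLOWS):
        self.sel = selectors.DefaultSelector()
        self.table = FlowTable(idle_timeout, max_flows)
        for local, backend in listeners.items():
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            s.bind(local)                     # explicit host, never 0.0.0.0 by accident
            s.setblocking(False)
            self.sel.register(s, selectors.EVENT_READ, ("listener", backend))

    def _open_flow(self, listener, device, backend):
        # One upstream socket per device flow; connect() makes the kernel
        # discard datagrams arriving from any address other than the backend.
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.setblocking(False)
        s.connect(backend)
        self.sel.register(s, selectors.EVENT_READ, ("upstream", listener, device))
        return s

    def _close_flow(self, s):
        self.sel.unregister(s)
        s.close()

    def poll(self, timeout):
        """Handle one round of ready sockets; returns the number handled."""
        handled = 0
        for key, _ in self.sel.select(timeout):
            try:
                if key.data[0] == "listener":
                    listener, backend = key.fileobj, key.data[1]
                    data, device = listener.recvfrom(BUF)
                    flow_key = (listener.getsockname(), device)
                    up = self.table.touch(
                        flow_key, lambda: self._open_flow(listener, device, backend))
                    if up is not None:        # table full -> datagram is dropped
                        up.send(data)
                else:
                    _, listener, device = key.data
                    listener.sendto(key.fileobj.recv(BUF), device)
            except OSError:
                pass  # e.g. ICMP port unreachable surfacing on a connected socket
            handled += 1
        return handled

    def serve_forever(self, sweep_every=30.0):
        while True:
            self.poll(sweep_every)
            for s in self.table.expire():     # reap idle flows: no orphan build-up
                self._close_flow(s)


if __name__ == "__main__":
    UdpRelay(LISTENERS).serve_forever()
```

The relay still holds one upstream socket per (listener, device address) pair, so the same address churn that produced 10k socat children shows up here as file descriptors; the difference is that they live in one process, are bounded by `MAX_FLOWS`, and are closed after `IDLE_TIMEOUT` seconds of silence. Backgrounding and PID files are left to the service manager rather than built into the relay.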


