[TriLUG] IP Address spoofing

Igor Partola igor at igorpartola.com
Mon Jan 30 21:16:00 EST 2012


Thanks Bill. In the end I decided to forego the spoofing. As much fun as
that is, it will not scale across our infrastructure. Instead, I am
implementing a more specialized packet relay that forwards data one way
only, but also communicates with devices directly.

At least I learned a lot :). Thanks everyone who took the time to respond.

Igor
On Jan 27, 2012 12:18 PM, "Bill Farrow" <bill at arrowsreach.com> wrote:

> On Fri, Jan 27, 2012 at 11:51 AM, Igor Partola <igor at igorpartola.com>
> wrote:
> > What I am trying to figure out is something that would be a bit more
> > stable. The amount of traffic here certainly does not warrant any more
> > than one process for all the ports that we listen on.
>
> Igor,
> I was thinking about this overnight :-)  Use the netfilter iptables
> DNAT to do port forwarding.  This will rewrite the destination ip in
> the packets, sending them on to your Host B for processing.  Host B
> will use the source address (unchanged) to send the response directly
> back to the mobile device.
>
> iptables -A PREROUTING -t nat -p udp --dport ${PORT} -d ${HOST_A_IP} \
>     -j DNAT --to ${HOST_B_IP}
>
>
> Bill
>
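
Added example, not part of the original thread: a small Python model of the DNAT forwarding described in the quoted reply, showing which source address the mobile device sees when Host B answers directly versus when the reply passes back through Host A. The addresses, port, class and function names are constructed for illustration, and the device's strict reply matching is an assumption.

```python
from dataclasses import dataclass, replace

# Constructed addresses (RFC 5737 documentation ranges), not from the thread.
DEVICE, HOST_A, HOST_B, PORT = "198.51.100.7", "203.0.113.10", "203.0.113.20", 5000

@dataclass(frozen=True)
class Udp:
    src: str
    sport: int
    dst: str
    dport: int

class HostA:
    """Simplified model of the PREROUTING DNAT rule plus its conntrack entry."""
    def __init__(self):
        self.conntrack = {}  # expected reply tuple -> original destination

    def prerouting(self, pkt):
        if pkt.dst == HOST_A and pkt.dport == PORT:
            self.conntrack[(HOST_B, PORT, pkt.src, pkt.sport)] = HOST_A
            return replace(pkt, dst=HOST_B)  # destination rewritten, source untouched
        return pkt

    def reverse_nat(self, pkt):
        # Only replies that actually pass back through Host A get un-DNATed.
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return replace(pkt, src=orig) if orig else pkt

def host_b_reply(req):
    # Host B answers from its own address to the unchanged source address.
    return Udp(HOST_B, req.dport, req.src, req.sport)

def device_accepts(sent, reply):
    # Assumption: the device (connected UDP socket or stateful firewall/NAT)
    # only accepts a reply that mirrors the tuple it sent to.
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (sent.dst, sent.dport, sent.src, sent.sport)

def run(reply_via_host_a):
    a = HostA()
    sent = Udp(DEVICE, 40000, HOST_A, PORT)
    at_b = a.prerouting(sent)
    reply = host_b_reply(at_b)
    if reply_via_host_a:
        reply = a.reverse_nat(reply)
    return at_b, reply, device_accepts(sent, reply)

if __name__ == "__main__":
    for via_a in (False, True):
        print(via_a, run(via_a))
```

In the direct-reply case the datagram arrives from Host B's address rather than the Host A address the device sent to, so the device-side application or any stateful filter in front of it has to be prepared for that.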


