3 public servers: middle machine for traffic forwarding



With the following machines...
Server 1: PPTP client, Windows; public IP: 1.1.1.1
Server 3: PPTP server, CentOS 6; public IP: 3.3.3.3
Connecting to the VPN on server3 from server1 works correctly!

The goal is to have a middle server forwarding traffic in both directions:
Server 1: PPTP client, Windows; public IP: 1.1.1.1
Server 2: traffic forwarding, CentOS 6; public IP: 2.2.2.2
Server 3: PPTP server, CentOS 6; public IP: 3.3.3.3

Server1 connects with the PPTP client to 2.2.2.2, and server2 redirects to 3.3.3.3 (server3).
Is it possible to have that scenario?


I tried the following setup on server2:
1. Routing enabled
Code:
# echo "1" > /proc/sys/net/ipv4/ip_forward
# nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
# sysctl -p

2. iptables forward
Code:
# iptables -F -t nat
# iptables -F
# iptables -A FORWARD -d 3.3.3.3 -i eth0 -j ACCEPT          # allow forwarded traffic toward server3
# iptables -t nat -A PREROUTING -i eth0 -d 2.2.2.2 -j DNAT --to-destination 3.3.3.3   # rewrite destination to server3
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE      # source-NAT so server3 replies via server2
# service iptables save      # persist to /etc/sysconfig/iptables (CentOS 6)
# service iptables restart   # reload the saved rule set

When trying to connect with the server1 VPN PPTP client to 2.2.2.2, it redirects correctly to 3.3.3.3.
However, server3 (3.3.3.3) does not assign a PPTP client to 2.2.2.2.
Here is the connection log on server3:

Code:
# tail -f /var/log/messages
Nov 29 09:53:39 office pptpd[2121]: CTRL: Client 2.2.2.2 control connection started
Nov 29 09:53:39 office pptpd[2121]: CTRL: Starting call (launching pppd, opening GRE)
Nov 29 09:53:39 office pppd[2122]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Nov 29 09:53:39 office pppd[2122]: pppd 2.4.5 started by root, uid 0
Nov 29 09:53:39 office pppd[2122]: Using interface ppp2
Nov 29 09:53:39 office pppd[2122]: Connect: ppp2 <--> /dev/pts/3
Nov 29 09:54:09 office pppd[2122]: LCP: timeout sending Config-Requests
Nov 29 09:54:09 office pppd[2122]: Connection terminated.
Nov 29 09:54:09 office pppd[2122]: Modem hangup
Nov 29 09:54:09 office pppd[2122]: Exit.
Nov 29 09:54:09 office pptpd[2121]: GRE: read(fd=6,buffer=6124a0,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Nov 29 09:54:09 office pptpd[2121]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Nov 29 09:54:09 office pptpd[2121]: CTRL: Client 2.2.2.2 control connection finished

Any ideas on setting up server2 as a middle traffic forwarder?
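The following is an added example and not code from the original post. It shows how a practitioner would build the relay on server2 so that both halves of PPTP cross it: the TCP 1723 control channel and the GRE data channel (IP protocol 47), which carries the PPP frames. The rules posted above DNAT everything that arrives at 2.2.2.2 (which also sends the relay's own SSH to server3) and load no PPTP NAT helper; GRE has no ports, so without the helper that pairs each GRE call ID with its control connection the NAT table cannot rewrite the data channel, and pppd on server3 sees the control connection but never any LCP frames, which matches the "LCP: timeout sending Config-Requests" in the log. The script generates the rule set as plain commands, self-checks it, and only then applies it. The addresses, interface name (eth0) and the CentOS 6 module and service names are assumptions carried over from the thread.

```shell
#!/bin/sh
# Added example (not the poster's code): PPTP relay on a CentOS 6 middle box.
# Assumed topology: RELAY_IP is server2's public address on WAN_IF,
# PPTP_SERVER is the real pptpd (server3).
RELAY_IP="${RELAY_IP:-2.2.2.2}"
PPTP_SERVER="${PPTP_SERVER:-3.3.3.3}"
WAN_IF="${WAN_IF:-eth0}"

# Emit the rules one command per line so they can be reviewed or diffed
# before anything touches the live firewall. Only TCP 1723 and GRE are
# relayed; everything else addressed to the relay (SSH included) is untouched.
pptp_relay_rules() {
  cat <<EOF
iptables -t nat -A PREROUTING -i $WAN_IF -d $RELAY_IP -p tcp --dport 1723 -j DNAT --to-destination $PPTP_SERVER
iptables -t nat -A PREROUTING -i $WAN_IF -d $RELAY_IP -p gre -j DNAT --to-destination $PPTP_SERVER
iptables -A FORWARD -i $WAN_IF -o $WAN_IF -d $PPTP_SERVER -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $WAN_IF -d $PPTP_SERVER -p gre -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -d $PPTP_SERVER -j MASQUERADE
EOF
}

# Self-check: the set must relay the control channel, relay the GRE data
# channel, and source-NAT toward the real server. Returns 0 when all hold.
relay_rules_ok() {
  rules=$(pptp_relay_rules)
  printf '%s\n' "$rules" | grep -q -- '-p tcp --dport 1723 -j DNAT' &&
  printf '%s\n' "$rules" | grep -q -- '-p gre -j DNAT' &&
  printf '%s\n' "$rules" | grep -q -- '-j MASQUERADE'
}

# Number of rule lines the generator produces.
relay_rule_count() {
  pptp_relay_rules | wc -l | tr -d ' '
}

# Apply on the relay. Requires root: sh pptp_relay.sh --apply
apply_relay() {
  relay_rules_ok || { echo "rule set failed self-check" >&2; return 1; }
  # The PPTP helper ties each GRE call ID to its TCP 1723 control connection
  # so DNAT/MASQUERADE can rewrite the data channel too (CentOS 6 names;
  # older kernels shipped ip_conntrack_pptp/ip_nat_pptp instead).
  modprobe nf_conntrack_pptp
  modprobe nf_nat_pptp
  sysctl -w net.ipv4.ip_forward=1
  iptables -t nat -F
  iptables -F FORWARD
  pptp_relay_rules | sh -e
  service iptables save   # persist to /etc/sysconfig/iptables on CentOS 6
}

case "${1:-}" in
  --apply) apply_relay ;;
  --show)  pptp_relay_rules ;;
esac
```

Run it with `--show` first to inspect the generated commands, then `--apply` as root on server2. Because the last rule is MASQUERADE, server3 will always see 2.2.2.2 as the client (exactly what the posted log shows); that is inherent in source-NAT on the relay, so any per-client policy on server3 has to key on the PPTP username, not the source address. If the relay ever needs to preserve the real client address, the SNAT would have to go and server3 would need a route back to 1.1.1.1 through 2.2.2.2, which is a different design.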

FS_NEWCELL(1)                    AFS Command Reference                    FS_NEWCELL(1)

NAME
       fs_newcell - Changes the kernel-resident list of a cell's database servers

SYNOPSIS
       fs newcell -name <cell name> -servers <primary servers>+
           [-linkedcell <linked cell name>] [-help]

       fs n -n <cell name> -s <primary servers>+ [-l <linked cell name>] [-h]

DESCRIPTION
       The fs newcell command removes the Cache Manager's kernel-resident list of
       database server machines for the cell specified by the -name argument and
       replaces it with the database server machines named by the -servers
       argument.

       Each time the machine reboots, the Cache Manager constructs the kernel
       list of cells and database server machines by reading the local
       /etc/openafs/CellServDB file. This command does not change the CellServDB
       file, so any changes made with it persist only until the next reboot,
       unless the issuer also edits the file. The output of the fs listcells
       command reflects changes made with this command, because that command
       consults the kernel-resident list rather than the CellServDB file.

       This command can introduce a completely new cell into the kernel-resident
       list, but cannot make a cell inaccessible (it is not possible to remove a
       cell's entry from the kernel-resident list by providing no values for the
       -server argument). To make a cell inaccessible, remove its entry from the
       CellServDB file and reboot the machine.

       If the -name argument names a DCE cell, then the -servers argument names
       DFS Fileset Location (FL) Server machines. The -linkedcell argument
       specifies the name of the AFS cell to link to a DCE cell for the purpose
       of DFS fileset location.

CAUTIONS
       Some commands, such as the aklog or klog.krb5 commands, work correctly
       only when the information is accurate for a cell in both the CellServDB
       file and the kernel-resident list.

OPTIONS
       -name <cell name>
           Specifies the fully-qualified cell name of the AFS or DCE cell.

       -servers <primary servers>+
           Specifies the fully-qualified hostnames of all AFS database server
           machines or DFS Fileset Location (FL) Server machines for the cell
           named by the -name argument. If FL Server machines are specified, the
           local machine must be running the AFS/DFS Migration Toolkit Protocol
           Translator.

       -linkedcell <linked cell name>
           Specifies the name of the AFS cell to link to a DCE cell for the
           purpose of DFS fileset location.

       -help
           Prints the online help for this command. All other valid options are
           ignored.

EXAMPLES
       The following example changes the machine's kernel-resident list of
       database server machines for the ABC Corporation cell to include the
       machines "db1.abc.com" and "db2.abc.com":

          % fs newcell -name abc.com -servers db1.abc.com db2.abc.com

       The following example links the DCE cell "dce.abc.com" to the AFS cell
       "abc.com". The AFS client contacts the Fileset Location (FL) servers
       "db1.dce.abc.com" and "db2.dce.abc.com" for fileset location information
       as it interprets a DFS pathname.

          % fs newcell -name dce.abc.com -servers db1.dce.abc.com db2.dce.abc.com -linkedcell abc.com

PRIVILEGE REQUIRED
       The issuer must be logged in as the local superuser root.

SEE ALSO
       CellServDB(5), fs_listcells(1)

COPYRIGHT
       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0. It
       was converted from HTML to POD by software written by Chas Williams and
       Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

OpenAFS                               2012-03-26                          FS_NEWCELL(1)
