Is there such thing as a simple "relay server"?

Discussion in 'Cisco' started by g.cook.a, Oct 17, 2008.

  1. g.cook.a

    g.cook.a Guest

    Hello!

    I'm trying to figure out a way to setup what I'm calling a "relay
    server." What I'd like to do is get some kind of router that will
    forward all incoming packets from a pre-determined ip address to
    another external address. So basically, if I've got a computer (A)
    which I want to send data to computer (C), then instead of sending
    directly to (C) I want it to go through the router (B) by sending the
    packets directly to (B) which would in turn send them to (C). As far
    as (C) is concerned, the packets would appear as though they
    originated from the router (B). There is a program out there called
    "IP Relay Server" which does exactly what I want to do, except that it
    runs on a workstation (I'd like a hardware solution) and I don't think
    that the "IP Relay Server" program can be administered remotely. Does
    anyone have any possible solutions for what I'm trying to do? I've
    spent a LOT of time searching Google Groups and have found very little
    information on this. Please help, thanks! :)

    Garrett Cook
     
    g.cook.a, Oct 17, 2008
    #1

  2. g.cook.a

    Thrill5 Guest

    Sounds like you're talking about NAT, Network Address Translation.
     
    Thrill5, Oct 17, 2008
    #2

  3. g.cook.a

    Trendkill Guest

    Honestly sounds like a cross between NAT and policy-based routing.
    First, the only way you can implement this is by having this 'node'
    installed inline in the traffic, ie on the direct path. If it hit its
    gateway router (which let's say is this node), which NAT'ed, it would
    then send the traffic to the same destination, but with the router's
    closest interface thus changing the source of the traffic. I think
    this is what you want to do, unless of course there is a different
    router you had in mind. Which in this case, you would need to setup
    policy based routing on the gateway router, to forward this traffic to
    'router b', which would then have the NAT statements. The problem is,
    what about other traffic to/from these subnets? Now you have an issue
    of one path being NAT'ed, and the other path not being NATed, which
    could get ugly.
     
    Trendkill, Oct 17, 2008
    #3
  4. g.cook.a

    Thrill5 Guest

    Policy routing would not be required as long as the router performing the
    NAT is in the path between the two. NAT is configured using an ACL in which
    you can specify that NAT is only performed between two specific hosts.


     
    Thrill5, Oct 18, 2008
    #4
  5. g.cook.a

    g.cook.a Guest

    Thank you all for replying. I think what I'm trying to do may be more
    simple than how I tried to explain it before. Let's say I have a DSL
    internet connection at my house, that plugs straight into a router
    called "Router B". There are no connections leading out of this
    router, only a single ethernet cable plugged between it and the DSL
    modem (which of course plugs straight into the phone jack). Now,
    let's say that from a remote location I've got "Computer A", and from
    a different remote location I've got "Computer C". So if I send
    packets from Computer A to whatever IP Address Router B is at, then
    Router B would just relay those packets to Computer C. The same thing
    should happen if I send packets from Computer C to Router B, they would
    get relayed to Computer A and appear to have originated from Router
    B. If a packet comes from any address other than Computers A or C,
    then the router would not respond to it.

    Does that help? I really don't know much at all about routers and
    subnets and everything. Is there an easy way to set up some kind of
    router this way? Thanks for assisting! :)

    Garrett
     
    g.cook.a, Oct 18, 2008
    #5
  6. g.cook.a

    Trendkill Guest

    In short, no. You could use fxp'ing, which is just like an ftp, but
    you don't have to be a hop in the transfer, you can login to both
    sites, and send files back and forth presuming they allow this.
    Flashfxp is one tool that will do that.

    The issue with what you are asking, is that you are asking router B to
    actually change the source and destination of the packet. Rather than
    A to B, you want that changed to B to C. The issue is, A is a pc, and
    B is a router. A is setting up a tcp session with the remote end for
    a web session or ftp session or whatever, so even if B could change
    the source and destination IPs, B most likely does not run the same
    OS, same services, and would also need to effectively setup a tcp
    session just like A which is nearly impossible given frame numbers and
    sequences, etc. I think the issue is you are only looking at this
    from one way, when you have to know that there is always return
    traffic and sessions need to be established for this to work. A relay
    server (not sure what one is, but understand the concept) would work,
    because it can receive the traffic, then have a rule set of what to do
    when that traffic arrives. If receive ftp session from A, kick one
    off to C with yourself as the source, and transfer same file received
    from A, to C. But these are servers that run the same services and
    can therefore have a ruleset and applications to 'mimic' each other.

    If I'm off base in assessing your requirement, let me know.
     
    Trendkill, Oct 18, 2008
    #6
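
Added example (not part of any post in this thread): a minimal user-space TCP relay of the kind post #6 describes, where B accepts A's session, opens its own session to C, and copies bytes both ways, so C sees B as the source. The function names (`pump`, `handle`, `start_relay`) and the allow-list parameter are illustrative assumptions.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes from src to dst until src closes, then half-close dst."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def handle(client, peer_ip, target, allowed):
    # Policy from the thread: ignore every source except the permitted hosts.
    if peer_ip not in allowed:
        client.close()
        return
    try:
        # B originates a *new* TCP session; C sees B's address as the source.
        upstream = socket.create_connection(target, timeout=5)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()

def start_relay(listen, target, allowed):
    """Relay allowed clients from `listen` to `target`; returns the bound (host, port)."""
    srv = socket.create_server(listen)
    def accept_loop():
        while True:
            try:
                client, (ip, _port) = srv.accept()
            except OSError:
                return
            threading.Thread(target=handle, args=(client, ip, target, allowed), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()
```

Because C only ever sees B's address, any per-client access control or audit trail that C relied on has to be enforced and logged on B instead.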
  7. g.cook.a

    g.cook.a Guest

    I think I see what you're saying; there is complexity in changing the
    source and destination IPs for every packet that passes through the
    router B. But it would seem like surely there is some kind of
    hardware device that would do just that. When I look at the
    configuration for the inexpensive wireless router I bought at Wal-
    mart, it allows me to set up port forwarding for addresses internal to
    the home network. I suppose what I'm looking for is something that
    would do the same thing but for an external address. Is any of the
    "professional" router hardware out there capable of doing this?

    Garrett
     
    g.cook.a, Oct 18, 2008
    #7
  8. g.cook.a

    Trendkill Guest

    The issue is not changing the destination, it's changing the source,
    because TCP relies on a session being established between the two
    nodes. The router you are describing has a table of nodes sitting
    behind it (aka being NATed). When traffic comes in/out, that table is
    kept in synch so that traffic that comes in is routed to the correct
    node behind the router. But remember, the source and destination are
    still really the same (meaning, it's still a server/pc on the remote
    side, and a server/pc behind the router). Therefore, the router is
    really just helping the traffic find that destination, and the session
    is still setup between the two end nodes. What you are asking is for
    the router to kick off a session to a different network, and proxy PC
    A's session. Thereby, you aren't asking the router to redirect and
    instead of PC A setting up a session with PC B, it goes to PC C. What
    you are asking is a session from A to B, is then mirrored or proxied
    from B to C, which is where I am saying this is not possible on a
    piece of network hardware. Not only can a router not create new
    streams on its own, but it probably doesn't even run the application
    or service you are trying to proxy (http, https, ftp, etc).
     
    Trendkill, Oct 18, 2008
    #8
  9. g.cook.a

    Thrill5 Guest

    In order to figure out a solution here, let me ask a basic question. Why do
    you need to go through "Router B" for "Computer A" to talk to "Computer C".
    That doesn't make any sense to me. Why can't they talk to each other
    directly if they are both connected to the internet?
     
    Thrill5, Oct 19, 2008
    #9
  10. g.cook.a

    g.cook.a Guest

    The reason is that I may be traveling to a place where internet
    surveillance is high and the IP address information of Computer C
    might raise suspicions. There is nothing illegal or morally wrong
    with connecting to Computer C or the information, but I just don't
    want to receive any "bad publicity" while I'm over there.

    Thanks,
     
    g.cook.a, Oct 23, 2008
    #10
  11. g.cook.a

    Trendkill Guest

    Remote desktop to a specific box, kickoff your traffic from there.
    Use VNC instead of microsoft so you can do file transfers, etc. Just
    my 2 cents.
     
    Trendkill, Oct 23, 2008
    #11