Is there such thing as a simple "relay server"?

Hello!

I'm trying to figure out a way to setup what I'm calling a "relay
server." What I'd like to do is get some kind of router that will
forward all incoming packets from a pre-determined ip address to
another external address. So basically, if I've got a computer (A)
which I want to send data to computer (C), then instead of sending
directly to (C) I want it to go through the router (B) by sending the
packets directly to (B) which would in turn send them to (C). As far
as (C) is concerned, the packets would appear as though they
originated from the router (B). There is a program out there called
"IP Relay Server" which does exactly what I want to do, except that it
runs on a workstation (I'd like a hardware solution) and I don't think
that the "IP Relay Server" program can be administered remotely. Does
anyone have any possible solutions for what I'm trying to do? I've
spent a LOT of time searching Google Groups and have found very little
information on this. Please help, thanks!

Garrett Cook

 

Sounds like your talking about NAT, Network Address Translation.

 

Honestly sounds like a cross between NAT and policy-based routing.
First, the only way you can implement this is by having this 'node'
installed inline in the traffic, ie on the direct path. If it hit its
gateway router (which let's say is this node), which NAT'ed, it would
then send the traffic to the same destination, but with the router's
closest interface thus changing the source of the traffic. I think
this is what you want to do, unless of course there is a different
router you had in mind. Which in this case, you would need to setup
policy based routing on the gateway router, to forward this traffic to
'router b', which would then have the NAT statements. The problem is,
what about other traffic to/from these subnets? Now you have an issue
of one path being NAT'ed, and the other path not being NATed, which
could get ugly.

 

Policy routing would not be required as long as the router performing the
NAT is in the path between the two. NAT is configured using an ACL in which
you can specify that NAT is only performed between two specific hosts.

Honestly sounds like a cross between NAT and policy-based routing.
First, the only way you can implement this is by having this 'node'
installed inline in the traffic, ie on the direct path. If it hit its
gateway router (which let's say is this node), which NAT'ed, it would
then send the traffic to the same destination, but with the router's
closest interface thus changing the source of the traffic. I think
this is what you want to do, unless of course there is a different
router you had in mind. Which in this case, you would need to setup
policy based routing on the gateway router, to forward this traffic to
'router b', which would then have the NAT statements. The problem is,
what about other traffic to/from these subnets? Now you have an issue
of one path being NAT'ed, and the other path not being NATed, which
could get ugly.

 

Thank you all for replying. I think what I'm trying to do may by more
simple than how I tried to explain it before. Let's say I have a DSL
internet connection at my house, that plugs straight into a router
called "Router B". There are no connections leading out of this
router, only a single ethernet cable plugged between it and the DSL
modem (which of course plugs straight into the phone jack). Now,
let's say that from a remote location I've got "Computer A", and from
a different remote location I've got "Computer C". So if I send
packets from Computer A to whatever IP Address Router B is at, then
Router B would just relay those packets to Computer C. The same thing
should happen if send packets from Computer C to Router B, they would
get relayed to Computer A and appear to have originated from Router
B. If a packet comes from any address other than Computers A or C,
then the router would not respond to it.

Does that help? I really don't know much at all about routers and
subnets and everything. Is there an easy way to set up some kind of
router this way? Thanks for assisting!

Garrett

 

In short, no. You could use fxp'ing, which is just like an ftp, but
you don't have to be a hop in the transfer, you can login to both
sites, and send files back and forth presuming they allow this.
Flashfxp is one tool that will do that.

The issue with what you are asking, is that you are asking router B to
actually change the source and destination of the packet. Rather than
A to B, you want that changed to B to C. The issue is, A is a pc, and
B is a router. A is setting up a tcp session with the remote end for
a web session or ftp session or whatever, so even if B could change
the source and destination IPs, B most likely does not run the same
OS, same services, and would also need to effectively setup a tcp
session just like A which is nearly impossible given frame numbers and
sequences, etc. I think the issue is you are only looking at this
from one way, when you have to know that there is always return
traffic and sessions need to be established for this to work. A relay
server (not sure what one is, but understand the concept) would work,
because it can receive the traffic, then have a rule set of what to do
when that traffic arrives. If receive ftp session from A, kick one
off to C with yourself as the source, and transfer same file received
from A, to C. But these are servers that run the same services and
can therefore have a ruleset and applications to 'mimic' each other.

If I'm off base in assessing your requirement, let me know.

 

I think I see what you're saying; there is complexity in changing the
source and destination IPs for every packet that passes through the
router B. But it would seem like surely there is some kind of
hardware device that would do just that. When I look at the
configuration for the inexpensive wireless router I bought at Wal-
mart, it allows me to set up port forwarding for addresses internal to
the home network. I suppose what I'm looking for is something that
would do the same thing but for an external address. Is any of the
"professional" router hardware out there capable of doing this?

Garrett

 

The issue is not changing the destination, its changing the source,
because TCP relies on a session being established between the two
nodes. The router you are describing has a table of nodes sitting
behind it (aka being NATed). When traffic comes in/out, that table is
kept in synch so that traffic that comes in is routed to the correct
node behind the router. But remember, the source destination are
still really the same (meaning, its still a server/pc on the remote
side, the a server/pc behind the router). Therefore, the router is
really just helping the traffic find that destination, and the session
is still setup between the two end nodes. What you are asking is for
the router to kick off a session to a different network, and proxy PC
As session. Thereby, you aren't asking the router to redirect and
instead of PC A setting up a session with PC B, it goes to PC C. What
you are asking is a session from A to B, is then mirrored or proxyied
from B to C, which is where I am saying this is not possible on a
piece of network hardware. Not only can a router not create new
streams on its own, but it probably doesn't even run the application
or service you are trying to proxy (http, https, ftp, etc).

 

In order to figure out a solution here, let me ask a basic question. Why do
you need to go through "Router B" for "Computer A" to talk to "Computer C".
That doesn't make any sense to me. Why can't they talk to each other
directly if they are both connected to the internet?

 

The reason is that I may be traveling to a place where internet
surveillance is high and the IP address information of Computer C
might raise suspicions. There is nothing illegal or morally wrong
with connecting to Computer C or the information, but I just don't
want to receive any "bad publicity" while I'm over there.

Thanks,

 

Remote desktop to a specific box, kickoff your traffic from there.
Use VNC instead of microsoft so you can do file transfers, etc. Just
my 2 cents.