views:

122

answers:

3

We have written a tool to proxy telnet traffic, and fork the inbound/outbound streams for recording purposes (this is a testing tool to test a legacy system). However, we hit a snag. The legacy system relies on knowing a client's ip address in certain cases, but when we use our proxy the clients' addresses are all changed to the proxy's address. Since we control what machine the legacy systems uses as a gateway, I'm wondering if there isn't some way via iptables or some other packet mangling tech to spoof this. So, in other words, without the proxy we have:

[CLIENT A - 172.16.2.2]------|
[CLIENT B - 172.16.2.3]------|------------[SERVER sees CLIENT A as 172.16.2.2, B as 2.3, so on]
[CLIENT C - 172.16.2.4]------|

With the proxy we get:

[CLIENT A - 172.16.2.2]---|
[CLIENT B - 172.16.2.3]---|---[PROXY 172.16.2.5]--[SERVER sees all clients as 172.16.2.5]
[CLIENT C - 172.16.2.4]---|

What we need:

[CLIENT A - 172.16.2.2]---|
[CLIENT B - 172.16.2.3]---|---[PROXY 172.16.2.5]--[SERVER sees CLIENT A as 172.16.2.2, so on]
[CLIENT C - 172.16.2.4]---|

Is there any possible way to accomplish this?

Thanks!

A: 

This question is not really programming-related.

But you can do it with the Linux kernel facility TPROXY, which I believe is distributed separately from Linux.

TPROXY lets you transparently proxy traffic, making the client and server see their own original IP addresses. You can do other tricks too.

MarkR
A: 

Instead of using a proxy, can you just put a network card into promiscuous mode and use tcpdump or something similar to capture what's going on?

Paul Tomblin
This is actually a good idea, but the task of reassembling and sequencing seems a bit daunting. I will look to see if any decent tcp reassembly utilities exist.
jbwiv
tcpdump has some pretty sophisticated filtering mechanisms. You can use them to filter on just the traffic from one host to one client on one port, for example.
Paul Tomblin
Yep, and we found a project called chaosreader that looks like it's going to help as well. Thanks for thinking outside the box!
jbwiv
A: 

How about some NATing: does the server really need to see the exact IP or just unique IPs for the clients? If not, how about doing:

172.16.88.2                     --- 172.16.2.2
172.16.88.3   ---  PROXY        --- 172.16.2.3   --- SERVER
172.16.88.4       w/ 3 IPs      --- 172.16.2.4
ShiDoiSi
Unfortunately...it needs to see the original ips. Thanks for your answer though.
jbwiv