Friday, April 15, 2011

Transparently proxying telnet traffic?

We have written a tool to proxy telnet traffic, and fork the inbound/outbound streams for recording purposes (this is a testing tool to test a legacy system). However, we hit a snag. The legacy system relies on knowing a client's IP address in certain cases, but when we use our proxy the clients' addresses are all changed to the proxy's address. Since we control what machine the legacy system uses as a gateway, I'm wondering if there isn't some way via iptables or some other packet mangling tech to spoof this. So, in other words, without the proxy we have:

[CLIENT A - 172.16.2.2]------|
[CLIENT B - 172.16.2.3]------|------------[SERVER sees CLIENT A as 172.16.2.2, B as 2.3, so on]
[CLIENT C - 172.16.2.4]------|

With the proxy we get:

[CLIENT A - 172.16.2.2]---|
[CLIENT B - 172.16.2.3]---|---[PROXY 172.16.2.5]--[SERVER sees all clients as 172.16.2.5]
[CLIENT C - 172.16.2.4]---|

What we need:

[CLIENT A - 172.16.2.2]---|
[CLIENT B - 172.16.2.3]---|---[PROXY 172.16.2.5]--[SERVER sees CLIENT A as 172.16.2.2, so on]
[CLIENT C - 172.16.2.4]---|

Is there any possible way to accomplish this?

Thanks!

From stackoverflow
  • This question is not really programming-related.

    But you can do it with the Linux kernel facility TPROXY, which I believe is distributed separately from Linux.

    TPROXY lets you transparently proxy traffic, making the client and server see their own original IP addresses. You can do other tricks too.

  • Instead of using a proxy, can you just put a network card into promiscuous mode and use tcpdump or something similar to capture what's going on?

    jbwiv : This is actually a good idea, but the task of reassembling and sequencing seems a bit daunting. I will look to see if any decent TCP reassembly utilities exist.
    Paul Tomblin : tcpdump has some pretty sophisticated filtering mechanisms. You can use them to filter on just the traffic from one host to one client on one port, for example.
    jbwiv : Yep, and we found a project called chaosreader that looks like it's going to help as well. Thanks for thinking outside the box!
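
The reassembly and sequencing step raised in the comments above, as an added example that is not part of the original thread: it rebuilds one in-order byte stream per direction from captured TCP segments, coping with out-of-order arrival, retransmission and sequence-number wraparound. The `Segment` type, the server address and the capture data are constructed for illustration, and the initial sequence numbers are assumed to have been read from each side's SYN.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits


@dataclass
class Segment:
    src: str        # sender "ip:port"
    dst: str        # receiver "ip:port"
    seq: int        # sequence number of the first payload byte
    payload: bytes


def reassemble(segments, isn):
    """Return {(src, dst): bytes}. isn maps (src, dst) to the ISN seen in that
    side's SYN, so the first payload byte has sequence number isn + 1."""
    placed = {}
    for seg in segments:
        key = (seg.src, seg.dst)
        if key not in isn:
            continue                             # not a connection we track
        start = (seg.seq - isn[key] - 1) % MOD   # offset survives wraparound
        buf = placed.setdefault(key, {})
        for i, byte in enumerate(seg.payload):
            buf.setdefault(start + i, byte)      # first copy wins on retransmit
    streams = {}
    for key, buf in placed.items():
        data, pos = bytearray(), 0
        while pos in buf:                        # stop at the first gap (loss)
            data.append(buf[pos])
            pos += 1
        streams[key] = bytes(data)
    return streams


# Constructed capture with hypothetical endpoints: client 172.16.2.2 -> server.
C, S = "172.16.2.2:40000", "172.16.2.10:23"
ISN = {(C, S): MOD - 3, (S, C): 5000}            # client ISN forces a wrap
CAPTURE = [
    Segment(S, C, 5001, b"login: "),
    Segment(C, S, 1, b"in\r\n"),                 # arrives before its predecessor
    Segment(C, S, MOD - 2, b"ad"),
    Segment(C, S, MOD - 2, b"adm"),              # retransmit with one more byte
    Segment(S, C, 5008, b"Password: "),
]

if __name__ == "__main__":
    for (src, dst), data in reassemble(CAPTURE, ISN).items():
        print(f"{src} -> {dst}: {data!r}")
```

Because the capture is passive, the server keeps seeing each client's original address, and the per-direction streams correspond to the inbound/outbound recordings the proxy was producing.
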
  • How about some NATing: does the server really need to see the exact IP or just unique IPs for the clients? If not, how about doing:

    172.16.88.2                     --- 172.16.2.2
    172.16.88.3   ---  PROXY        --- 172.16.2.3   --- SERVER
    172.16.88.4       w/ 3 IPs      --- 172.16.2.4
    
    jbwiv : Unfortunately... it needs to see the original IPs. Thanks for your answer though.
