[AusNOG] Redirecting a TCP port both directions

Geordie Guy elomis at gmail.com
Tue Apr 8 12:07:36 EST 2014


Hi Folks,

Working with a B2B partner who has exposed non-RFC1918 addresses 172.31.1.2
and 172.31.1.3 through a VPN tunnel to our environment, and this works fine
for hitting a web service down the tunnel from our local networks.  We have
a development footprint in AWS that is shanking at this, because an
overlying abstraction layer for how AWS S3 instances route means that if it
sees a non-RFC1918 range it sends it out to the Internet regardless of any
host or other level routes that are specified.  I can set route add
172.31.1.0/24 via a gateway or for that matter the loopback until I go blue
in the face and the server will merrily continue to try and find the IP on
the Internet.

What I need to do, other than not allow design decisions that involve
non-RFC1918 addresses for private networks, is redirect a TCP port (443) from
an IP that I *CAN* hit inside our network, to the 172.31.1.0 range down the
tunnel, so that 1654287.r.msn.com stops scratching his head at the traffic
trying to hit him from AWS.

What do I do to accomplish this?  Netcat?  And before anyone says NAT,
there's already been enough bad decisions made here.

Regards,

Geordie
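As an added illustration (not from the original post or the list), a minimal user-space relay of the kind netcat or socat would provide for the ask above: it listens on an address the AWS hosts can reach and copies bytes in both directions to the partner host, so the partner sees a session from the relay's address rather than from AWS. It assumes Python 3.8+ with the standard asyncio module; the listen address 10.0.0.10 in the usage note is a placeholder for whatever internal IP is reachable, while 172.31.1.2:443 is the address from the post.

```python
import asyncio

async def pump(reader, writer):
    # Copy bytes one way until EOF, then half-close so the far end sees that EOF too.
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        if not writer.is_closing():
            writer.write_eof()

async def handle_client(client_r, client_w, target_host, target_port):
    # One relayed session: connect to the tunnel side, then pump both directions.
    try:
        target_r, target_w = await asyncio.open_connection(target_host, target_port)
    except OSError:
        client_w.close()              # upstream unreachable: drop the client cleanly
        return
    await asyncio.gather(pump(client_r, target_w), pump(target_r, client_w), return_exceptions=True)
    client_w.close()
    target_w.close()

async def serve_relay(listen_host, listen_port, target_host, target_port):
    # Listen on an address we can hit and relay every TCP connection to the target.
    server = await asyncio.start_server(
        lambda r, w: handle_client(r, w, target_host, target_port), listen_host, listen_port)
    async with server:
        await server.serve_forever()

def relay_roundtrip(payload: bytes) -> bytes:
    # Loopback self-test: an echo server stands in for the partner web service.
    async def echo(r, w):
        w.write(await r.read(65536))
        await w.drain()
        w.close()
    async def run():
        echo_srv = await asyncio.start_server(echo, "127.0.0.1", 0)
        echo_port = echo_srv.sockets[0].getsockname()[1]
        relay = await asyncio.start_server(
            lambda r, w: handle_client(r, w, "127.0.0.1", echo_port), "127.0.0.1", 0)
        r, w = await asyncio.open_connection("127.0.0.1", relay.sockets[0].getsockname()[1])
        w.write(payload)
        w.write_eof()                 # our EOF must be relayed on to the echo server
        reply = await r.read()        # and the echo server's EOF relayed back to us
        w.close()
        for s in (echo_srv, relay):
            s.close()
        return reply
    return asyncio.run(run())
```

To run it for the setup in the post, call `asyncio.run(serve_relay("10.0.0.10", 443, "172.31.1.2", 443))` with the assumed internal listen address swapped for a real one; `relay_roundtrip(b"ping")` exercises the half-close handling on loopback without needing the tunnel.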