[AusNOG] Redirecting a TCP port both directions

James Hodgkinson yaleman at ricetek.net
Tue Apr 8 23:27:06 EST 2014


Do you have an AWS VPC going? From their FAQ (http://aws.amazon.com/vpc/faqs/):

>    Q. What IP address ranges are assigned to a default VPC?
>
>    Default VPCs are assigned a CIDR range of 172.31.0.0/16. Default
>    subnets within a default VPC are assigned /20 netblocks within the VPC CIDR
>    range.

Sounds like (from the rest of the page) you might need to double check the
config...?


James


On 8 April 2014 12:07, Geordie Guy <elomis at gmail.com> wrote:

> Hi Folks,
>
> Working with a B2B partner who has exposed non-RFC1918 addresses
> 172.31.1.2 and 172.31.1.3 through a VPN tunnel to our environment, and this
> works fine for hitting a web service down the tunnel from our local
> networks.  We have a development footprint in AWS that is shanking at this,
> because an overlying abstraction layer for how AWS S3 instances route means
> that if it sees a non-RFC1918 range it sends it out to the Internet
> regardless of any host or other level routes that are specified.  I can set
> route add 172.31.1.0/24 via a gateway or for that matter the loopback
> until I go blue in the face and the server will merrily continue to try and
> find the IP on the Internet.
>
> What I need to do, other than not allow design decisions that involve non
> RFC-1918 addresses for private networks, is redirect a TCP port (443) from
> an IP that I *CAN* hit inside our network, to the 172.31.1.0 range down the
> tunnel, so that 1654287.r.msn.com stops scratching his head at the
> traffic trying to hit him from AWS.
>
> What do I do to accomplish this?  Netcat?  And before anyone says NAT,
> there's already been enough bad decisions made here.
>
> Regards,
>
> Geordie
>
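
The overlap the FAQ excerpt points at can be checked directly. This is an added example, not part of the original thread: it tests the two partner addresses from the quoted message against the default VPC CIDR and /20 subnet size from the FAQ. The function names and the 192.0.2.10 control address are assumptions made for the illustration.

```python
import ipaddress

# The three RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True if addr falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def check_overlap(vpc_cidr, subnet_prefix, remote_hosts):
    """For each remote host, report whether it sits inside the VPC CIDR and,
    if so, which subnet-sized block of the VPC it collides with."""
    vpc = ipaddress.ip_network(vpc_cidr)
    report = {}
    for host in remote_hosts:
        ip = ipaddress.ip_address(host)
        in_vpc = ip in vpc
        block = None
        if in_vpc:
            # Mask the host address down to the subnet prefix length.
            block = str(ipaddress.ip_network(f"{ip}/{subnet_prefix}",
                                             strict=False))
        report[host] = {"rfc1918": is_rfc1918(host),
                        "in_vpc": in_vpc,
                        "vpc_block": block}
    return report


if __name__ == "__main__":
    # First two addresses are from the thread; the third is a constructed
    # control address outside both the VPC and RFC 1918 space.
    hosts = ["172.31.1.2", "172.31.1.3", "192.0.2.10"]
    for host, result in check_overlap("172.31.0.0/16", 20, hosts).items():
        print(host, result)
```

Any remote host reported with `in_vpc` set is one the VPC considers part of its own address space, which is the configuration James suggests double-checking.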