I have hosts, say A, B, (C...Z), located in different subnets.
There is a firewall between host B and (C...Z), but ICMP ports are open between them.
I have the following requirement.
I am able to ping from B to any host in (C...Z), but I also want A to ping (C...Z). Since hosts (C...Z) are behind a firewall, I need a workaround so that when I ping any host in (C...Z) from A, it goes to B, and from B it pings (C...Z). Can that be done using iptables?
Please guide me to achieve this.
I think what you are asking is:
From A, how do I send a ping to B in a way that B forwards it to C-Z, since B is allowed to ping C-Z, but A is not.
If this is what you want, the only thing I can think of is to set up multiple internal IPs on B, like:
10.1.1.<last octet of C> and use an IP forwarding rule in iptables to forward all ICMP packets received on 10.1.1.<last octet of C> to the real C. Do the same for D-Z and then A can ping via B.
Although you may have a return packet problem if you don't set A's gateway to be B.
There is probably a much smarter way to do this, I just can't think of it at 7 AM.
Dear ccolumbu,
Thanks for the quick reply. The solution you gave is interesting, but I have around 1000 hosts (described as C-Z) and defining multiple IPs on B will be very difficult for me.
Is there any other method to achieve this?
You might be able to assign a virtual IP to B and make that a gateway to the internet only for ICMP packets.
Then on A set up a virtual IP that uses the new virtual IP on B as its gateway (make sure when you do the ping you specify -I <virtual eth on A>).
Presumably you can then ping using B as the gateway, but all other traffic would use the regular IP and gateway on A.
Although I think the above will work, I suspect you could get more flexibility and maybe more functionality this way:
Write a little client/server application that from A (client) simply calls a port to a single dedicated virtual IP on B.
The server on B listens on all ports on the dedicated IP and when a request comes in it converts the port to an IP to ping.
Then simply list the 1000 IPs in a config file giving each server C-Z a port -> IP relationship.
Then when B does the ping it simply returns the results to A via the open socket, and then closes the connection.
If you tell me a little more about what you are trying to do I might be able to offer more alternatives.
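The port-to-IP relay sketched in the reply above, as an added example that is not part of the original thread. The config format, port numbers, 192.0.2.x addresses, reply strings and function names are all assumptions; the target address comes only from the config file on B, so a client cannot steer the relay at arbitrary hosts behind the firewall.

```python
import ipaddress
import socketserver
import subprocess
import threading

# Constructed sample of the port -> IP config file described in the post.
SAMPLE_CONFIG = """\
20001   192.0.2.11   # host C (constructed)
20002   192.0.2.12   # host D (constructed)
"""

def load_targets(text):
    """Parse 'port ip' lines into {port: ip}; reject malformed or duplicate entries."""
    targets = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        port_s, ip_s = line.split()
        port = int(port_s)
        if not 1024 <= port <= 65535 or port in targets:
            raise ValueError(f"line {n}: bad or duplicate port {port_s}")
        targets[port] = str(ipaddress.ip_address(ip_s))  # validates the address
    return targets

def system_ping(ip):
    """One echo request with a 2 s timeout; argv list, so no shell is involved."""
    r = subprocess.run(["ping", "-c", "1", "-W", "2", ip], capture_output=True)
    return r.returncode == 0

def check(port, targets, ping=system_ping):
    """Answer for a connection on `port`; the client never supplies the address."""
    ip = targets.get(port)
    if ip is None:
        return "DENIED\n"
    return f"{ip} {'UP' if ping(ip) else 'DOWN'}\n"

class Relay(socketserver.BaseRequestHandler):
    targets = {}
    def handle(self):  # the local port the client connected to selects the target
        self.request.sendall(check(self.request.getsockname()[1], self.targets).encode())

def serve(bind_ip, targets):
    """Run on B: one listener per configured port on the dedicated IP."""
    Relay.targets = targets
    for p in targets:
        srv = socketserver.TCPServer((bind_ip, p), Relay)
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    threading.Event().wait()  # keep the main thread alive
```

With about 1000 configured ports the process holds one listening socket per port, so raise its open-file limit above the common default of 1024, and restrict connections to the dedicated IP on B to host A.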
I have one monitoring tool which runs on Server B and monitors all hosts (C..Z, approx. 1000).
It monitors the hosts in two ways.
First: Server B pings all the hosts (C..Z) at periodic intervals and checks whether each host is alive or not; ICMP ports are open for them from Server B (known as passive monitoring).
Second: the clients (C..Z) connect to Server B using a suitable client program on ports x, y, z and port 80 on Server B and provide the monitoring item values, e.g. CPU utilization, memory utilization (known as active monitoring).
Now for some reasons I need to move the entire monitoring from Server B to Server A, and I have achieved the active monitoring part by using port forwarding via host B, but passive monitoring is still not done.
This is why I normally use a virtual IP for services whenever possible, that way if you want to move the server (cluster, load balance, failover, or moving it, like now) you simply move the configs, daemon, and then the VIP.
In this case I guess making a VIP on B that acts as a gateway and rewrites all the packets both in and out so it looks like they come from B is the way to go. So create internal VIPs on both A and B (for this example assume eth0:0 is the VIP interface on both). Configure A so that pings use -I eth0:0.
Set up eth0:0 on A to use the new VIP on B as its gateway.
Set up B so that it rewrites packets on eth0:0 to its IP on the outbound side and rewrites them back when it sends them back to A.
That should be it, you should be able to have something like:
ping -I eth0:0 <IP of C> -> to B as gateway -> rewrite packet forward to C -> return data from C -> B rewrite data -> return to A