Download your favorite Linux distribution at LQ ISO.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 04-02-2006, 11:59 AM   #1
LQ Newbie
Registered: Mar 2006
Posts: 6

Rep: Reputation: 0
redirect traffic

Hi all,

Assume my private network has 3 Hosts A,B,C behind a Router that connect to Internet as normal.

The requirement is:
-when A sends packets to internet, it will always send to C and C will forward packets to Router.
-And I've no access to A and Router.
-I only can install softwaare on C.

Therefore, my approach is to run my first program (on C) to programmingly tell the Router (the default gw of A,B,C) to send ICMP redirect to back HostA.
The second program will take care forward packets to Router.

I'm stuck on the first one (how to tell Router...)
How to do it ? what tool ? what protocol to use...?

I really appreciate if anyone can help ?
Old 04-02-2006, 01:48 PM   #2
LQ Guru
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
Without being able to modify the firmware on the router, this should not be possible. If you control the network, why don't you just adjust the routing tables on host A?
Old 04-02-2006, 11:05 PM   #3
Registered: Sep 2004
Location: Salt Lake City, UT
Distribution: Debian Sarge
Posts: 93

Rep: Reputation: 15
ICMP only redirects pings. If you want to intercept all traffic you are going to need to lump UDP and TCP into the mix.

Second, what you are referring to doing (running a program on C that will tell the router to forward all packets to A) would be considered a severe security risk. Can you imagine if I wrote a program that told your bank's server to forward all the packets sent from you to it to just pass them right along to me? For this reason it can't be done. You will need to have access to the router where you can put some packet filtering rules in place to send packets from A to C and then only allow packets to the internet from C.
Old 04-05-2006, 03:50 PM   #4
LQ Newbie
Registered: Mar 2006
Posts: 6

Original Poster
Rep: Reputation: 0
I think ICMP redirect(host, net) is one of the types that ICMP protocol provides to let a Host
change its own routing table. Thus it's not only redirect pings like you said.

Second, there're few ways to force a particular host/hosts in a LAN to send packets to your machine instead of to the normal destination:
1. icmp redirect from your machine to that host
2. icmp redirect from Router to that host
3. arp spoof

I just dont know how the number2 works..the other methods can be done easily and work
(provided that the host would accept icmp redirect message)

(when the Customers use the software, we let them know how the software works and they accept the solution)
Old 04-06-2006, 09:43 AM   #5
Registered: Jan 2003
Location: Cambridgeshire, UK
Distribution: Mint (Desktop), Debian (Server)
Posts: 891

Rep: Reputation: 184Reputation: 184
You are going to have to reconfigure A to use C as its default gateway. The only way to get the router to redirect all traffic from A to C is to add a default route pointing to C at which point you have just created a nice loop. You could spoof a redirect i.e. an unsolicited redirect from C to A. However to get the router to deliver A's return traffic to C first you would need to use arp poisoning.

One has to ask why you want to do this. If you don't have access to A why do you want all of its traffic to pass through your machine? It sounds like you might be up to no good!

Last edited by baldy3105; 04-06-2006 at 09:44 AM.
Old 04-06-2006, 10:45 AM   #6
Registered: Sep 2004
Location: Salt Lake City, UT
Distribution: Debian Sarge
Posts: 93

Rep: Reputation: 15
wikipedia says only routers can send redirects. If A does not think that C is a router, then it shouldn't accept redirects from C right? The redirect was placed in ICMP so that if C says "I need to talk with B" and sends that packet to A. A, being the gateway, sends an ICMP redirect saying "You do know that you are on the same network as B right? You can send it yourself. Modify your route tables like so..." then, after it sends the redirect back to C it says "I'll still pass this stuff along to B" and routes the packets like C initially asked it to.

Unless I misunderstood wikipedia, it sounds like A will need to either know or at least BELIEVE that C is it's gateway before it will accept and "authorize" ICMP redirects.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Traffic shaping (limiting outgoing bandwidth of all TCP-traffic except FTP/HTTP) ffkodd Linux - Networking 3 10-25-2008 12:09 AM
redirect traffic through apache kola Linux - Networking 7 12-11-2004 07:29 AM
Traffic redirect friki Linux - Software 2 11-04-2004 04:59 PM
using linux to redirect remote vpn traffic to another remote machine brb5548 Linux - Networking 0 06-28-2003 09:07 PM
Redirect traffic to internal IP? xmutex Linux - Networking 1 08-13-2001 10:29 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:20 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration