11

I'm not the System Administrator of our corporate network, but I've got two Linux workstations (hosts A and B) with root access to both.

Both hosts can see each other fine (ssh, ping, etc. work from one to the other). However, only host A can reach out of our corporate firewall and access the Internet, etc.; host B cannot.

Question: How could I have all (and not just HTTP) outgoing and incoming network traffic at host B routed via host A, without involving my System Administrator? Right now, I don't know if I would need to use NAT for host B, and/or make host A a proxy server, and/or make host A a router.

On Host B, I tried issuing a `route add -host <HostA> gw <HostA's Gateway>` command, but it didn't work: I was unable to ping www.google.com from Host B. Please pardon my ignorance on this subject of routing/networking.

Dave M
Harry

2 Answers

17

You have multiple solutions to do this:

Easier way: NAT

Make A a router by allowing forwarding: `sysctl net.ipv4.ip_forward=1`. Put `net.ipv4.ip_forward=1` in /etc/sysctl.conf to make it permanent.

Then on A, NAT traffic by typing: `iptables -t nat -A POSTROUTING -o ethx -j MASQUERADE`

Finally, on B, route all traffic via A:

ip route del default  
ip route add default via IP_of_A

Other solution: Proxify,

but you need to set up all the components to use the proxy:

On B, open an SSH connection to A with this command:

ssh -D8000 -N -f user@IP_of_A 

This will open a SOCKS proxy on B and relay all traffic via A. If you use a web browser, for example, you'll need to set up a SOCKS v5 proxy on 127.0.0.1 listening on port 8000. You will not need to set up IP forwarding or touch the routes.

DrGkill
  • On issuing the `ip route add` command, I got this error: `Error: either "to" is duplicate, or "gw" is a garbage.` – Harry Aug 29 '11 at 11:53
  • Btw, DrGkill, I would greatly, GREATLY appreciate if you could also mention the other ways. And also, some book/resource where these concepts are covered in a practical way. I don't need Tanenbaum-like theory, rather concepts and actual Linux commands I can try out and learn would be helpful. Not sure if the apparently dated [Linux Network Administrator's Guide](http://www.faqs.org/docs/linux_network/index.html) is still current and covers the recipe you gave above. Thanks much and God bless. – Harry Aug 29 '11 at 12:04
  • The correct syntax is `ip route add default via` or `route add default gw`. – quanta Aug 29 '11 at 13:07
  • Mistake edited, plus the proxy way added. Enjoy. – DrGkill Aug 29 '11 at 15:20
  • Thanks quanta! The command was accepted successfully. But, when I now `ping www.google.com`, I get a `From hostA () icmp_seq=1 Destination Host Prohibited` error, and 100% packet loss. – Harry Aug 29 '11 at 15:30
  • @DrGkill Is there anything else I need to do on A? – Harry Aug 29 '11 at 17:32
  • Exactly the same problem - after using this, "Destination Host Prohibited" – Alex Feb 04 '13 at 08:36
1

I believe you will need to disable your firewall.

service iptables stop

Not sure if that is necessary on both Host A & Host B, but it did get me past the "Destination Host Prohibited" message.

HBruijn
Eric
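An added example, not part of either answer: assuming host A runs a stock RHEL/CentOS iptables ruleset, the "Destination Host Prohibited" reply comes from a `REJECT --reject-with icmp-host-prohibited` rule in A's FORWARD chain, so the NAT setup can work with the firewall still running if B's traffic is accepted ahead of that rule. The function names, the interface `eth0`, the address `192.0.2.20` and the sample ruleset are constructed placeholders.

```sh
#!/bin/sh
# Added example (constructed values): keep host A's firewall running and open
# only the forwarding path host B needs. eth0 and 192.0.2.20 are placeholders.

# Constructed sample of `iptables -S FORWARD` on a stock RHEL/CentOS host A:
# every forwarded packet hits the REJECT rule, which B's ping reports as
# "Destination Host Prohibited".
SAMPLE_FORWARD='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# forward_status B_IP   (reads `iptables -S FORWARD` output on stdin)
# Heuristic: only ACCEPT rules that name B_IP as source are recognised.
# Prints "allowed" if one precedes the first REJECT, "rejected" if the REJECT
# comes first, "policy" if the chain has neither (chain policy decides).
forward_status() {
    awk -v ip="$1" '
        $1 != "-A" { next }
        / -j ACCEPT/ && index($0, " -s " ip "/") { print "allowed"; hit = 1; exit }
        / -j REJECT/ { print "rejected"; hit = 1; exit }
        END { if (!hit) print "policy" }'
}

# gateway_rules IF B_IP
# Prints, without running them, the commands for host A. Arguments are
# validated because the output is meant to be piped to a root shell.
gateway_rules() {
    ifc=$1 b=$2
    case $ifc in ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifc" >&2; return 1 ;; esac
    case $b in ''|*[!0-9.]*) echo "bad address: $b" >&2; return 1 ;; esac
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -I FORWARD 1 -s $b/32 -o $ifc -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 2 -d $b/32 -i $ifc -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $b/32 -o $ifc -j MASQUERADE
EOF
}

printf '%s\n' "$SAMPLE_FORWARD" | forward_status 192.0.2.20
gateway_rules eth0 192.0.2.20
```

Rules inserted this way do not survive a restart of the iptables service unless they are saved, for example with `service iptables save` on RHEL/CentOS.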