I have two machines, A and B, running RHEL Linux. Each machine has a 1Gig network card connected to what I call the "LAN" network. Each machine has a 10Gig network card that is connected to what I call the "BIGDATA" network. These networks are not connected to each other, except through these machines.
I have fiber taps on the 10Gig interface of A on the BIGDATA network. The taps lead off to a capture server, where I want to record all the data going in and out. Initially all TCP, but perhaps some UDP would be nice in the future.
For development and testing purposes, I want to run both sides of a TCP conversation on A and yet capture the conversation with those taps. The developers who will be using this setup won't have accounts on B (at least that's my goal).
In my mind, it should be possible for a superuser to set up some sort of forwarding/relay on B that would allow a client on A to connect to a server on A, but over the tapped fiber, i.e., traffic goes from A to B on the LAN network, then back to A on the BIGDATA network. Return traffic takes the same path back.
My attempt so far has been to use ssh tunneling, like A:~ $ ssh B -L 8051:<A's-BIGDATA-IP>:3434 -N. That actually worked great for capturing traffic from the client to the server. But unfortunately the server's responses are finding the shortcut of just staying local, and never appear on the fiber. Looking at Wireshark, the packets know their destination IP, and don't feel obligated to take the tunnel back.
I found this answer, but I believe all the solutions require both interfaces to be on the same network. Maybe the seeds of my solution are in there, but I can't find them.
I think I could write this from scratch in C, making a program to run on B to take TCP connections on the LAN interface, initiate another TCP connection on the BIGDATA interface, back to A, and forward the replies as well. It would only copy the TCP payload, which would be sufficient for my purposes.
Is there a cool tool that does this forwarding/relay already?
Is there a way to make ssh tunneling work the way I want for the return traffic?
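As an added example (not code from the question or from any tool it mentions), here is the payload-only relay the question sketches for B, written in Python rather than C. The relay accepts connections on one local address and opens the outbound leg from a second local address; calling bind() on the outbound socket before connect() is what pins that leg to a chosen interface. The addresses for B's LAN and BIGDATA interfaces and for A's server are assumptions shown as placeholders; the demo function at the bottom uses loopback addresses and an upper-casing server so it runs on any host.

```python
"""Minimal TCP relay: accept on one local address, connect out from another.

Deployment idea (assumed addresses, not from the question):
  listen on  (B_LAN_IP, 8051)
  bind out   (B_BIGDATA_IP, 0)     # source address for the outbound leg
  connect to (A_BIGDATA_IP, 3434)  # the server under test on A
"""
import socket
import threading

BUFSIZE = 65536


def pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes from src to dst until EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(BUFSIZE)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def handle_client(client: socket.socket, bind_addr, target_addr) -> None:
    """Open the outbound leg from bind_addr and relay both directions."""
    upstream = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # Binding the source address before connect() forces the outbound
        # connection onto the interface that owns bind_addr.
        upstream.bind(bind_addr)
        upstream.connect(target_addr)
    except OSError:
        client.close()
        upstream.close()
        return
    t = threading.Thread(target=pump, args=(client, upstream), daemon=True)
    t.start()
    pump(upstream, client)
    t.join()
    client.close()
    upstream.close()


class Relay:
    """Listening relay; start() runs the accept loop in a background thread."""

    def __init__(self, listen_addr, bind_addr, target_addr):
        self.bind_addr = bind_addr
        self.target_addr = target_addr
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(listen_addr)
        self.sock.listen(16)
        self.listen_addr = self.sock.getsockname()  # resolves port 0

    def serve_forever(self) -> None:
        while True:
            try:
                client, _ = self.sock.accept()
            except OSError:
                return  # listening socket was closed
            threading.Thread(target=handle_client,
                             args=(client, self.bind_addr, self.target_addr),
                             daemon=True).start()

    def start(self) -> None:
        threading.Thread(target=self.serve_forever, daemon=True).start()

    def close(self) -> None:
        self.sock.close()


def _upper_server(sock: socket.socket) -> None:
    """Constructed stand-in for the server on A: echoes input upper-cased."""
    conn, _ = sock.accept()
    with conn:
        while True:
            data = conn.recv(BUFSIZE)
            if not data:
                break
            conn.sendall(data.upper())
    sock.close()


def relay_roundtrip_demo(payload: bytes = b"hello over the tap") -> bytes:
    """Loopback demo: client -> relay -> upper-casing server -> client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    threading.Thread(target=_upper_server, args=(srv,), daemon=True).start()

    relay = Relay(("127.0.0.1", 0), ("127.0.0.1", 0), srv.getsockname())
    relay.start()
    try:
        with socket.create_connection(relay.listen_addr) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)  # tell the relay we are done sending
            chunks = []
            while True:
                d = c.recv(BUFSIZE)
                if not d:
                    break
                chunks.append(d)
        return b"".join(chunks)
    finally:
        relay.close()


if __name__ == "__main__":
    print(relay_roundtrip_demo())
```

Because the relay terminates the client's TCP session on B and opens a fresh one toward A, the reply from A's server is addressed to B's BIGDATA address and has no local shortcut to take; both directions then traverse the tapped link, at the cost of the capture showing the relay's connection rather than the client's original one. The same bind-before-connect idea is the option to look for in any off-the-shelf relay.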