1

Consider a small network with 1 router (192.168.1.1) and clients (192.168.1.x). The router (OpenWRT) provides Ethernet LAN and WiFi for the clients, to connect to the Internet.

Now I want to put a server between the clients and the router, so that the clients first connect logically to the server and the server routes all the traffic from the connected clients to the router. All clients and also the server are connected only to the router. The server has only one interface, eth0.

[Clients]----[Server]----[Router]----[Internet]

How do I configure this setup? I also want only some specific clients to use the server between themselves and the router. All the rest of the clients should not use the server as a "gateway" or "tunnel".


Is it possible, for example, to use the server's IP as the default gateway in the IP settings of the client(s), and to configure the server to just accept all incoming traffic from the clients and route it to the router?

Edit: How do I set this up? I can't find any tutorials for this.

user3200534
  • What is the real problem you're trying to solve here? Why do you need to route clients through the server? – EEAA Apr 06 '15 at 13:47
  • I want to use Snort/Suricata to filter only specific clients' traffic for malware, but packet mirroring is not an option here. Please, I don't want to spend time explaining why and so on - I just want to use this setup as described. It's a technical question. – user3200534 Apr 06 '15 at 14:25
  • The "why" is important. Often times people think they know what they want, and think they know the best way to achieve that thing, but are actually quite misguided. This is why including the "why" is critical to getting a good answer. – EEAA Apr 06 '15 at 14:40

2 Answers

1

You have several options

  • Proxy - If you are interested in a limited number of protocols (e.g. HTTP) you can set up a server as a proxy server (e.g. using Squid). There are ways to set up transparent proxies but the simplest is probably to explicitly configure client applications to use the proxy and enforce this in your router's firewall (e.g. only allow HTTP to/from proxy server).

  • One-armed router - you can configure your server as a one-armed router and again configure the external router to only accept traffic from the internal router.

Either of these cases allows you to use a packet-capture or other tool on the server.

RedGrittyBrick
  • I am interested in all traffic and all ports. I have no idea how to set up the iptables on the server and do the configuration on the client side - that's why I asked. I just want the clients' traffic passing through the server. – user3200534 Apr 06 '15 at 16:22
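A worked server-side configuration for the one-armed-router option, added here as an example and not part of the answer above. It assumes the server's single interface is eth0, that the OpenWRT router at 192.168.1.1 is the server's default gateway, and uses two constructed client addresses. Beyond what the answer states, it also turns off ICMP redirects (a Linux host that forwards a packet back out the interface it arrived on otherwise tells the client to use 192.168.1.1 directly) and masquerades the forwarded clients, so that the router returns replies to the server rather than straight to the client and the IDS on the server sees both directions of each flow:

```shell
#!/bin/sh
# Added example (not from the page): one-armed-router setup for the
# inspection server. Assumptions: the server's only NIC is eth0, the
# OpenWRT router at 192.168.1.1 is the server's default gateway, and the
# client addresses below are constructed samples.
LAN_IF="eth0"
ROUTER_IP="192.168.1.1"
FILTERED_CLIENTS="192.168.1.10 192.168.1.11"

# Kernel settings for forwarding on a single interface. send_redirects=0
# is essential: when the server forwards a client's packet back out eth0
# to the router, Linux would otherwise send the client an ICMP redirect
# pointing at the router, after which the client bypasses the server.
server_sysctl_settings() {
    iface="$1"
    printf '%s\n' \
        "net.ipv4.ip_forward=1" \
        "net.ipv4.conf.all.send_redirects=0" \
        "net.ipv4.conf.${iface}.send_redirects=0"
}

# iptables-restore ruleset: forward only the listed client addresses and
# masquerade them, so the router answers to the server's IP and replies
# also pass through the server (without NAT the router would hand replies
# straight to the client and the IDS would see only one direction).
# Note: iptables-restore replaces the whole filter and nat tables.
build_iptables_rules() {
    iface="$1"; shift
    printf '%s\n' "*filter" ":FORWARD DROP [0:0]" \
        "-A FORWARD -i $iface -o $iface -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for client in "$@"; do
        printf '%s\n' "-A FORWARD -i $iface -o $iface -s $client -j ACCEPT"
    done
    printf '%s\n' "COMMIT" "*nat"
    for client in "$@"; do
        printf '%s\n' "-A POSTROUTING -o $iface -s $client -j MASQUERADE"
    done
    printf '%s\n' "COMMIT"
}

# Apply everything to the running host (requires root). Kept separate so
# the generators above can be reviewed or tested without touching anything.
apply_server_config() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_server_config: must run as root" >&2
        return 1
    fi
    server_sysctl_settings "$LAN_IF" | while IFS= read -r kv; do
        sysctl -w "$kv"
    done
    build_iptables_rules "$LAN_IF" $FILTERED_CLIENTS | iptables-restore
    ip route replace default via "$ROUTER_IP" dev "$LAN_IF"
}

# Run with APPLY_SERVER_CONFIG=1 as root to apply; otherwise only print
# the generated settings and rules for review.
if [ "${APPLY_SERVER_CONFIG:-0}" = "1" ]; then
    apply_server_config
else
    server_sysctl_settings "$LAN_IF"
    build_iptables_rules "$LAN_IF" $FILTERED_CLIENTS
fi
```

The FORWARD policy is DROP, so a client not in the list that sets the server as its gateway gets nothing forwarded. Snort or Suricata can then listen on eth0 and will see each filtered client's traffic twice (inbound from the client, outbound towards the router with the server's source address); a BPF filter on the client addresses, or inspecting only packets whose source or destination is in the list, keeps the duplicate out of the alerts.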
0

As you said you

have no idea how to setup the iptables on the server and do the configuration on the client side

then you should set the default gateway on the clients to the server's address. The server should allow routing (by enabling net.ipv4.ip_forward: echo 1 > /proc/sys/net/ipv4/ip_forward) and have its default gateway set to the OpenWRT router. Server, clients and the internal router interface must be on the same network.

Beware that this is not at all secure, as clients might just send traffic directly via the OpenWRT router.

Marvin Frick
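One way to close the bypass the answer warns about, added here as an example and not part of the answer: a lan-to-wan firewall rule on the OpenWRT router that rejects traffic carrying a filtered client's own source address. This assumes the server masquerades the clients it forwards (so at the router their relayed packets show the server's address and are still allowed by the default lan-to-wan forwarding), and the client addresses are constructed. The script only prints the uci commands so it can be reviewed before being run on the router:

```shell
#!/bin/sh
# Added example (not from the answer): enforce on the OpenWRT router that
# the filtered clients cannot bypass the inspection server. Assumes the
# server masquerades their traffic; client addresses are constructed.
FILTERED_CLIENTS="192.168.1.10 192.168.1.11"

# Emit the uci commands for one REJECT rule per client in the lan->wan
# direction. A packet arriving with a client's own IP can only come from a
# client that pointed its gateway back at the router, so it is refused.
build_openwrt_uci_commands() {
    for client in "$@"; do
        printf '%s\n' \
            "uci add firewall rule" \
            "uci set firewall.@rule[-1].name='no-direct-wan-${client}'" \
            "uci set firewall.@rule[-1].src='lan'" \
            "uci set firewall.@rule[-1].src_ip='${client}'" \
            "uci set firewall.@rule[-1].dest='wan'" \
            "uci set firewall.@rule[-1].proto='all'" \
            "uci set firewall.@rule[-1].target='REJECT'"
    done
    printf '%s\n' "uci commit firewall" "/etc/init.d/firewall restart"
}

build_openwrt_uci_commands $FILTERED_CLIENTS
```

Run the printed commands on the router (for example by piping the output into ssh root@192.168.1.1 sh), then check from a filtered client by temporarily setting its gateway back to 192.168.1.1: outbound connections should now be refused, and should work again once the gateway is the server. A client with a spare address or the ability to change its IP can still evade an IP-based rule; if that matters, OpenWRT's firewall rules also accept a src_mac option, but that only raises the bar, it does not remove it.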