Is there an easy way to make a local client on a local machine talking to a local server think that it is talking to a server on the internet?

I have a local (HTTP) server running on my (Linux) machine (listening on 127.0.0.1:port) and a local application that connects to it as a client. Both the server and client applications are proprietary and I can only change some basic config for both. I have had this set up working fine until recently when the client application was updated. The client application now seems to require that the server it connects to must be "on the internet" so it is disallowing connections to 127.0.0.1 and other "local-like" addresses such as 10.0.*.* and 192.168.*.*.

As a workaround, I am now using ngrok to get a remote address for my local server and the client application happily works with that. However, that is a manual/slow process to run ngrok and update the client application's config and it requires an internet connection and going through ngrok's servers.

I am wondering if there is a way to "fake" an "internet-like" IP address to resolve directly to my local machine.

I have looked into "dynamic DNS" solutions but they require changes to router config that I often don't have control over.

What I am thinking is along the lines of setting some porn site's "internet-like" IP to "resolve" to my local machine on my local machine using some kind of "virtual network adapter" BUT I don't want to spend a lot of time building such a set up. Hence, the question, is there an EASY way to do this?

SBhojani

Posted 2018-02-11T05:38:25.767

Reputation: 93

4Is there a reason why you don't want to add a non-local-sounding IP address to one of your interfaces? – Ignacio Vazquez-Abrams – 2018-02-11T05:40:20.877

@IgnacioVazquez-Abrams No, I am open to it. I just don't know an easy/quick way of doing it. – SBhojani – 2018-02-11T06:04:05.840

@IgnacioVazquez-Abrams Is https://www.garron.me/en/linux/add-secondary-ip-linux.html the kind of thing you are suggesting?

– SBhojani – 2018-02-11T06:11:25.957

@IgnacioVazquez-Abrams I just tried ip address add 31.192.120.36/31 dev lo and the client application doesn't like the that either. Could it be checking the local ip config? – SBhojani – 2018-02-11T06:39:25.533

2@SBhojani don't add it to dev lo, add it to eth0. If you've been adding the local network addresses like 192.168.. to dev lo, try those on the eth0 adapter instead of lo and they might work there. – BeowulfNode42 – 2018-02-13T10:54:09.313

@BeowulfNode42 The Linux machine is a VirtualBox VM and doesn't have eth0 for some reason. It has enp0s3, enp0s8 and virbr0 instead. I tried with ip address add 31.192.120.36/31 dev enp0s3 and it didn't work either. – SBhojani – 2018-02-16T13:17:33.433

@SBhojani It looks like you have Predictable Network Names and need to post the output of ip a. As a guess I would think you need to assign the IP address to the vibr0 adapter.

– BeowulfNode42 – 2018-02-17T05:43:43.487

Answers

use iptables?

iptables -t nat  -I OUTPUT --src 0/0 --dst dest_ip -p tcp --dport 80 -j REDIRECT --to-ports 80

(not sure about the chain though) This should in effect redirects --transparently-- any traffic going to dest_ip:80 to localhost:80.

the des_ip is any ip that makes the application happy.

Raouf M. Bencheraiet

Posted 2018-02-11T05:38:25.767

Reputation: 104

That seems to be working. Any way to make that permanent? – SBhojani – 2018-02-16T13:43:51.883

iptable-save/restore (some distribution have an init script for that), or any suitable firewall management thingy (my preferred would be shorewall) – Raouf M. Bencheraiet – 2018-02-16T15:36:25.243

For my own record and for anyone else that it might help, iptables-save didn't work for me as I was using FirewallD. I had to create a direct configuration rule with the table nat, the chain output and the args --src 0/0 --dst dest_ip -p tcp --dport 80 -j REDIRECT --to-ports 80. – SBhojani – 2018-02-20T12:00:03.423

yeah, if using something like shorewall/ufw/firewalld better not touch iptables directly and use whatever meas that has to add rules. – Raouf M. Bencheraiet – 2018-02-20T18:25:59.213

For my own record and for anyone else that it might help, iptables -t nat -I OUTPUT --dst dest_ip -j REDIRECT is enough to redirect ALL ports on dest_ip to "localhost". – SBhojani – 2018-04-08T02:04:52.270

You can add as an alias a "real" IP on the server, i.e. 1.2.3.4/32 and try connecting to this address form the client application, if it's on the same computer. If your client application in on a different computer, use something like 1.2.3.4/24 for the server and 1.2.3.5/24 for the client, provided they're both in the same LAN. This type of addresses is not assigned in the internet, so you won't face any connectivity problems.

gmelis

Posted 2018-02-11T05:38:25.767

Reputation: 473

I am not sure how to do this. I can only configure the IP and the port for both the server and the client. – SBhojani – 2018-02-16T13:26:07.297

Depending on your distribution, there will be a standard way of doing this. Google should be of help here, for example a query of "how to add an alias ip address on debian/ubuntu/centos/mint...", should guide you to a simple way of adding an alias ip address to your ethernet adapter. – gmelis – 2018-02-16T14:30:58.830

You could try an ip address in one of the less well-known reserved, or not routable, ranges, betting on a poor implementation in your client-server application.

Refer to https://en.m.wikipedia.org/wiki/Reserved_IP_addresses

bbaassssiiee

Posted 2018-02-11T05:38:25.767

Reputation: 1 225

Not sure how to do that. For example, how would I make a server listen on 0.255.0.0 and how do I make a client connect to 0.255.0.0 "locally". – SBhojani – 2018-02-16T13:22:41.480

Try 1.1.1.1 and 1.1.1.2 netmask 255.255.255.0 – bbaassssiiee – 2018-02-16T17:57:32.950

I would use virtualization. You can make a fake little world for your software to live in. This can be as elaborate or as simple as you want. The benefit here is that you can use public IP addresses without messing up networking for the entire LAN you are attached to. Just make sure that the virtual interfaces are set to "host only" or "virtual network only".

You could even make two machines. One client and one server both in the public subnet, so they can talk to each other without routing. This could exist completely in the virtual network and not even be visible to the host, if you desired.

HackSlash

Posted 2018-02-11T05:38:25.767

Reputation: 3 174

Maybe you can use an Internet simulator like INetSim. It simulates (provides fake) common internet services, so the program thinks it's on the Internet. It is e.g. used for analyzing the network behaviour of malware in a closed and safe environment, and this program is then used to trick it to believe it is the Internet, while it's actually not.

It seems like the same scenario as your, so take a look at it and see if you can use it!

PatrikN

Posted 2018-02-11T05:38:25.767

Reputation: 327