I have a question regarding port forwarding and I hope you can help.
I have two machines that are accessible over public IP, let's call them 1 and 2.
I need to access a web service that runs on 2 but I can't as for some reason the IP is blacklisted and I can't do anything about that.
Machine 1, on the other hand, can be accessed without restrictions.
How can I use machine 1 as a traffic bridge towards the service on machine 2?
I know I could do a simple port forwarding on the firewall but that wouldn't work as the return traffic would come with the IP of machine 2 and would be blocked.
Another solution I'm thinking of is a VPN, but I would like to know if there is something else.
I'm running FreeBSD 10 on both machines btw.
>>54755576
Send all traffic to the available computer, have the available computer use iptables to redirect traffic on a certain port to the non available computer, and iptables to forward returned traffic as well
>>54755576
Look at DMZ, maybe that can help you.
>>54755576
Do you have a firewall like ASA or is it a home router?
>>54755615
>>54755641
>>54755682
Thanks for the replies.
So, I control both machines and their network 100%: 1 is a VPN while 2 is a machine I have at home.
I run pf as firewall on machine 1 and openwrt as router/firewall on my home network
>>54755615
>>54755641
>>54755682
One is a VPS, sorry.
Pretty much what I'm looking for is something like SSH tunneling but for a web server
The IP of machine 2 is "blacklisted"? Can you elaborate?
The openwrt router is performing NAT, right? Are the IP addresses of both hosts in one of the RFC1918 ranges?
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
Are they both assigned in the same range, assuming you have a single downstream interface on the router running openwrt?
>>54756944
For whatever reason from the network I can't connect to the public IP of machine 2. It doesn't matter the port or the service, as soon as the SYN is sent, an ACK/RST is received. Only ICMP traffic can pass.
The IP address of machine 1 is a public IP while machine 2 is in my home network (192.168.0.0/24) which is NATted. On my firewall the port is open and port forwarding is enabled.
I don't know if on machine 1 I could put a special rule in PF to NAT a port towards the public IP of machine 2?
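
Added example, not part of the thread: a pf.conf sketch for machine 1 that pairs an rdr rule with a nat rule, so the home network only ever sees machine 1's address and the replies return through machine 1 instead of going straight back to the client. The interface name, all addresses and both port numbers are placeholders or assumptions.

```conf
# /etc/pf.conf on machine 1 (the VPS), pf as shipped with FreeBSD 10.
# Added example; every value below is a placeholder or an assumption,
# not something stated in the thread.
ext_if     = "vtnet0"            # assumed name of the VPS public interface
home_ip    = "203.0.113.10"      # placeholder: public IP of the home router (machine 2)
client_net = "198.51.100.0/24"   # placeholder: network the clients connect from
relay_port = "8080"              # assumed port the clients use on machine 1
web_port   = "80"                # assumed port the home router forwards to the web service

# Prerequisite: machine 1 must route packets between hosts.
#   /etc/rc.conf:  gateway_enable="YES"   (or: sysctl net.inet.ip.forwarding=1)

# --- translation ---
# Outbound leg: rewrite the client's source address to machine 1's own address.
# Without this the home network would reply directly to the client, which is
# the return-path problem described in the first post.
nat on $ext_if inet proto tcp from $client_net to $home_ip port $web_port -> ($ext_if)

# Inbound leg: connections to machine 1 on relay_port are redirected to the
# home router. Limiting the source to client_net keeps machine 1 from acting
# as an open relay to the home service.
rdr pass on $ext_if inet proto tcp from $client_net to ($ext_if) port $relay_port -> $home_ip port $web_port

# --- filtering ---
# Needed when the ruleset blocks by default: allow the relayed connection out.
pass out on $ext_if inet proto tcp to $home_ip port $web_port keep state

# Check the syntax without loading, then load:
#   pfctl -nf /etc/pf.conf && pfctl -f /etc/pf.conf
```

With this in place the web server and the OpenWrt logs show machine 1's address as the source of every relayed request, so per-client logging has to happen on machine 1. The port forward on the home router can then be limited to machine 1's address as its only allowed source.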