Q: Redirecting TCP traffic sent to certain IPs ( No Answer,   3 Comments )
Question  
Subject: Redirecting TCP traffic sent to certain IPs
Category: Computers
Asked by: morbus-ga
List Price: $30.00
Posted: 06 Oct 2003 22:07 PDT
Expires: 05 Nov 2003 21:07 PST
Question ID: 263338
Short version:  Is there any way I can make it so whenever my machine
tries to connect to a certain IP address on some port, it is
redirected to instead connect to Localhost on the same port? It is
more or less necessary for any solution to be software based. I am
running Windows XP Professional, however I would still like to know of
any UNIX/Linux based solutions if you can find them.


Long version / Background:  I am behind a firewall that blocks most
TCP ports except very common ones like SSH, HTTP, FTP, POP3, etc. I
have a program (A game called Dark Age of Camelot or DAoC) that needs
to connect to two remote hosts, one of them on TCP port 10500, and the
other on TCP port 1280. Both of these ports are blocked by the
firewall I am behind.

I have a machine outside the firewalled network that I can log into
using SSH. Using this SSH connection and the port forwarding feature
of my SSH client (PuTTY), I have created tunnels whereby
localhost:10500 and localhost:1280 are forwarded to those same ports
on the appropriate remote machine.

Now, unlike most programs that can bypass firewalls using this
technique, the remote hosts that DAoC is set to connect to are
hardcoded, and it is for all intents and purposes impossible to change
them. The remote host that uses port 1280 is basically an update
distribution server. The entry in the DAoC configuration files for
this machine is "patch.daoc.net". Since DAoC connects to this server
using a DNS name, I can edit the windows "hosts" file so that
"patch.daoc.net" points to my local address instead of the real
address. By doing this, the DAoC program connects to the update server
via the SSH tunnel and everything works fine.

Now, the other server which uses port 10500 is the actual game server.
This server does not have a DNS name. DAoC connects to it using its IP
address. Unlike the patch server, I cannot redirect the program to my
SSH tunnel simply by adding an entry in the "hosts" file. What I would
like to do is find some way for all data sent to this machine's IP
address to be instead sent to my local IP address. This way the
traffic will be sent through my SSH tunnel.

Thank you for your time.

Request for Question Clarification by sublime1-ga on 06 Oct 2003 23:15 PDT
morbus...

I'm not positive if this will work, but have you tried adding
gameserverIP.daoc.net to your hosts file, in the form of 
127.0.0.1    xxx.xxx.xxx.xxx.daoc.net 
?

Clarification of Question by morbus-ga on 06 Oct 2003 23:30 PDT
No server except the patch server has any DNS name, including
XXX.XXX.XXX.XXX.daoc.net.

However, even if it did, the problem is that the login program
attempts to connect to that machine via IP address, not via DNS name.
Even if the server had a DNS name and I made the appropriate entry in
my hosts file, the login program would still try and connect to
XXX.XXX.XXX.XXX, not XXX.XXX.XXX.XXX.daoc.net-->127.0.0.1.

As mentioned in the original question, the configuration files that
tell the login and patch programs which servers to use are for all
intents and purposes unchangeable. The reason for this is that the
patch program examines all the game files and compares them to the
ones for the current version on the patch server. Any files that are
different are updated. This includes the config files with the server
information for the login program. Also, the login program is launched
pretty much immediately after the patch program, so it is not possible
to restore the config file back to the custom version after the patch
program updates it.
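
The hosts-file behaviour described in the question and clarification above, as an added example that is not part of the original thread: a hosts entry is consulted only when a name is resolved, so a configured IP literal is dialed unchanged. The sample hosts text is constructed, 192.0.2.10 is a documentation placeholder for the game server address the post does not give, and keeping the first entry for a duplicated name is an assumption of this sketch.

```python
import ipaddress

# Constructed sample hosts file. 192.0.2.10 is a placeholder address,
# not the real game server IP (the thread never states it).
HOSTS_TEXT = """\
# constructed example
127.0.0.1   localhost
127.0.0.1   patch.daoc.net       # patch server override from the question
127.0.0.1   192.0.2.10.daoc.net  # pseudo-name of the kind suggested above
"""

def parse_hosts(text):
    """Return {lowercased name: address}; the first entry for a name is kept."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])      # first column must be an address
        except ValueError:
            continue
        for name in fields[1:]:                  # one line may carry several aliases
            table.setdefault(name.lower(), fields[0])
    return table

def effective_target(configured_host, hosts_table):
    """Return (address the client would dial, whether name resolution ran)."""
    try:
        # An IP literal never reaches the resolver, so no hosts entry applies.
        return str(ipaddress.ip_address(configured_host)), False
    except ValueError:
        pass
    name = configured_host.rstrip(".").lower()   # names compare case-insensitively
    if name in hosts_table:
        return hosts_table[name], True
    return None, True                            # would fall through to DNS

if __name__ == "__main__":
    table = parse_hosts(HOSTS_TEXT)
    for host in ("patch.daoc.net", "192.0.2.10"):
        print(host, "->", effective_target(host, table))
```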

Request for Question Clarification by webadept-ga on 07 Oct 2003 11:28 PDT
Hi, 

I don't have time to write up the instructions for this right now, but
if one of our other very intelligent researchers finds the answer with
this hint or you do, then great. If not I'll try to find some time
tonight to put together the answer for you.

What you are looking for is called "routing" and "binding". This does
exactly what you are asking it to do. When the IP address, (example
22.25.21.10) is asked for, the routing table is used to find the
quickest method of getting there, if there is "not" a route specified
for that address. If a route is specified, then the track is made
using that route.

I hope I get some time tonight to do this for you, or maybe by the
weekend, but I'm sure that one of  the others is going to get in here
and answer this by then.

webadept-ga
Answer  
There is no answer at this time.

Comments  
Subject: Re: Redirecting TCP traffic sent to certain IPs
From: snsh-ga on 07 Oct 2003 07:46 PDT
 
maybe add a 2nd IP address to your network adapter?

Subject: Re: Redirecting TCP traffic sent to certain IPs
From: morbus-ga on 08 Oct 2003 14:48 PDT
 
I should probably add that since the two remote hosts use different
TCP ports, a similar solution would be to redirect all outbound
traffic on a certain port to the corresponding port on localhost. For
example, all traffic sent to TCP 10500 would be directed to
127.0.0.1:10500. I suspect that this or something like it should be
possible with NAT software, but I wouldn't know how to implement it.

Subject: Re: Redirecting TCP traffic sent to certain IPs
From: samboca-ga on 23 Oct 2003 21:13 PDT
 
You want to create a route in the routing table.  Open a command
window (Run->command.com) and run "route print".  Take a look at the
column Network Destination. Find your IP address.  Use the route
command to create an identical route as that of your IP address, but
instead, substitute the remote network IP address that you want to
tunnel via SSH.  This will tell the OS that all traffic destined for
that network (or single IP address) should be sent to your 127.0.0.1
network (thus going through your tunnel).

samboca-ga
