linux - Smart transfer files to an isolated network environment

07
2014-07
  • stanleyxu2005

    I'm working on a project that requires provisioning a batch of files to machines frequently. But these deploy machines are located in an isolated network, which is ONLY accessible via a broker machine. It's quite inconvenient.

    Here are the facts in concrete:

    1. The broker machine can access my workstation and all machines in the isolated network without a proxy.
    2. My workstation can access the broker machine with a socks5 proxy (no direct access to the others).
    3. Any machines in the isolated network can access each other without a proxy (no access to the broker or my workstation).

    How can I transfer files from my workstation to machines in the isolated network efficiently? And I do not want to configure no-password login, as these machines are VMs, which can be destroyed at any time.

    I tried the python library paramiko. It works well when the network is not proxy-isolated. Any hints are highly appreciated.
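One way to satisfy the three constraints above with stock OpenSSH rather than a custom paramiko client, as an added example that is not code from the question or its author. It assumes hypothetical values: the SOCKS5 proxy on 127.0.0.1:1080, the broker reachable as broker.example, the VMs in 10.20.0.0/16, and the OpenBSD-flavoured nc(1) (the one with -X/-x) installed on the workstation. Authentication for every hop is done from the workstation, so no key or password has to be placed on the broker or on the short-lived VMs; rsync keeps repeated provisioning cheap, and the checksum manifest confirms each copy.

```shell
#!/bin/sh
# Added example, not code from the question or its author: reach the isolated
# VMs from the workstation with stock OpenSSH, hopping over the broker.
# Assumed (hypothetical) values: SOCKS5 proxy on 127.0.0.1:1080, broker
# reachable as broker.example, VMs in 10.20.0.0/16, OpenBSD-flavoured nc(1)
# (with -X/-x) available on the workstation.
set -eu

# Emit an ssh_config describing the two hops. ProxyCommand pushes the broker
# connection through the SOCKS5 proxy; ProxyJump tunnels the final hop
# through the broker, so each VM is authenticated from the workstation
# (password prompt or local key) and nothing is stored on the broker.
build_ssh_config() {  # build_ssh_config <socks_host:port> <broker_host> <user>
    cat <<EOF
Host broker
    HostName $2
    User $3
    ProxyCommand nc -X 5 -x $1 %h %p

Host 10.20.*
    User $3
    ProxyJump broker
    # VMs are rebuilt often, so their host keys live in a separate file that
    # is deleted together with the batch instead of silencing key-change errors.
    UserKnownHostsFile ~/.ssh/known_hosts.isolated
    StrictHostKeyChecking accept-new
EOF
}

# Checksum manifest of every regular file under $1: one "sha256  ./path"
# line per file, in a stable order so two manifests can be compared as text.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# Sync one directory to one VM through the jump chain and confirm the copy
# matches. rsync transfers only changed blocks, which is what makes frequent
# re-provisioning cheap; the manifest comparison catches truncated copies.
push_dir() {  # push_dir <ssh_config> <local_dir> <vm_host> <remote_dir>
    cfg="$1"; src="$2"; host="$3"; dst="$4"
    rsync -az --delete -e "ssh -F $cfg" "$src/" "$host:$dst/"
    local_manifest=$(make_manifest "$src")
    remote_manifest=$(ssh -F "$cfg" "$host" \
        "cd '$dst' && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2")
    [ "$local_manifest" = "$remote_manifest" ]
}

# Usage: sh thisfile.sh push ./payload 10.20.0.11 /opt/app
if [ "${1:-}" = "push" ]; then
    cfg=$(mktemp)
    build_ssh_config 127.0.0.1:1080 broker.example deploy > "$cfg"
    push_dir "$cfg" "$2" "$3" "$4" && echo "verified $3:$4"
    rm -f "$cfg"
fi
```

Looping `push_dir` over the list of VM addresses provisions the whole batch; because the generated config never references a private key on the broker, destroying and recreating the VMs only requires removing the batch's known_hosts file.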


    Related Question

    windows - Can't access computer on isolated network
  • indiv

    I have a Windows desktop PC on my corporate LAN with 2 NICs and I selected both adapters and bridged them in the network options. I also have a Linux PC with 2 NICs and I configured the first one to get DHCP on the corporate LAN and the second one to have a static IP on an isolated network. I modified the route on the Linux PC so that corporate LAN traffic goes out the first NIC (eth0) and traffic to the isolated network goes out the second (eth1). So I can access both networks on the Linux PC.

                      Windows               
                +-----------------+    
    10.x.x.x <- | NIC1 -+         |                          Linux
                |       | bridged |              +----------------------------+
                | NIC2 -+         |<-->switch<-->| NIC1 (DHCP 10.x.x.x)       |
                +-----------------+              |                            |
                                                 | NIC2 (static 192.168.1.50) |<----> 192.168.1.x
                                                 +----------------------------+
    

    But I need to access a web server on the 192.168.1.x LAN from the Windows PC and I'm stuck. I have Windows set up to bridge the connections, so it's acting like a regular switch. I added a route to Windows to forward 192.168.1.x traffic to Linux NIC1. I can see using tethereal that Linux NIC1 is receiving the http packets from the Windows box on NIC1.

    Now how do I route that traffic to NIC2 so that it will keep going to the 192.168.1.x network and be able to receive responses? I think that I need to turn the linux box into a router. So I tried adding some iptables rules:

     Chain INPUT (policy ACCEPT)
     target    prot opt source               destination
     ACCEPT    all  --  10.6.100.0/22        192.168.1.0/24
     ACCEPT    all  --  192.168.1.0/24       10.6.100.0/22
    
     Chain FORWARD (policy ACCEPT)
     target    prot opt source               destination
     ACCEPT    all  --  10.6.100.0/22        192.168.1.0/24   // (-o eth1)
     ACCEPT    all  --  192.168.1.0/24       10.6.100.0/22    // (-o eth0)
    
     Chain OUTPUT (policy ACCEPT)
     target    prot opt source               destination
    

    I'm assuming I did something wrong because when I run iptables with --verbose I can see neither the INPUT nor FORWARD policy have processed any packets.

    I also enabled promiscuous mode on both eth0 and eth1 with ipconfig.

    I'd like to get this working with the existing hardware and topology. The Windows PC is where it is because I need it to sniff traffic entering and leaving the isolated network to debug equipment.

    How can I get this working how I want?


  • Related Answers
  • fen

    I guess you forgot to activate IP forwarding on the linux box. You can check this by issuing the command

    cat /proc/sys/net/ipv4/ip_forward
    

    If this gives you a '0', IP forwarding is disabled. To enable it, issue this command:

    echo 1 >/proc/sys/net/ipv4/ip_forward
    

    Note that this will only last until your next reboot. How to make this persistent is distribution dependent. Most distros have a file called /etc/sysctl.conf. If this file exists, open it using vi and check for a line

    net.ipv4.ip_forward = 0
    

    Change the 0 to 1 and most probably it will enable IP forwarding the next time you boot the machine. Be sure to check after the reboot.

    A note on your iptables: the chains have the following meaning:

    • INPUT receives packets destined TO the linux box itself (so it won't see packets the linux box forwards)
    • FORWARD receives packets that the linux box forwards to other systems, so it won't see packets destined to the linux box itself
    • OUTPUT is only passed by packets which originate from the linux box itself (e.g. generated from a locally running process like a ping command or such)
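The steps in this answer (check ip_forward, enable it, make it persistent) and the chain semantics it lists, combined into one script for the two-NIC setup in the question above, as an added example that is not code from either poster. It assumes eth0 on 10.6.100.0/22 and eth1 on 192.168.1.0/24 as described in the question; IPTABLES and IP_FORWARD_FILE are hypothetical overrides so the functions can be exercised without root. Unlike the question's rules it gives FORWARD a DROP policy and only lets the isolated LAN answer connections opened from the corporate side; drop the conntrack match if isolated hosts must initiate connections too.

```shell
#!/bin/sh
# Added example, not code from the answer above: make the dual-homed Linux
# box route between exactly the two subnets in the question, and verify the
# kernel setting the answer points at. Assumes eth0 on 10.6.100.0/22 and
# eth1 on 192.168.1.0/24 (from the question). IPTABLES and IP_FORWARD_FILE
# are hypothetical overrides so the functions can run without root.
set -eu

IPTABLES="${IPTABLES:-iptables}"
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"

# Exit 0 only when the kernel will forward packets between interfaces;
# this is the check the answer describes.
ip_forward_enabled() {
    [ "$(cat "$IP_FORWARD_FILE")" = "1" ]
}

# Enable forwarding now and across reboots. A drop-in under /etc/sysctl.d
# is read at boot just like /etc/sysctl.conf.
enable_ip_forward() {
    sysctl -w net.ipv4.ip_forward=1
    printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/90-isolated-router.conf
}

# Install FORWARD rules only. Transit packets never traverse INPUT or OUTPUT
# (those chains see traffic to and from the box itself), so rules placed
# there never count forwarded traffic. The policy is DROP so the router
# forwards only what is listed: corporate-side hosts may open connections
# into the isolated LAN, and the isolated LAN may only answer them.
forward_rules() {  # forward_rules <lan_if> <lan_net> <iso_if> <iso_net>
    lan_if="$1"; lan_net="$2"; iso_if="$3"; iso_net="$4"
    $IPTABLES -P FORWARD DROP
    $IPTABLES -A FORWARD -i "$lan_if" -o "$iso_if" -s "$lan_net" -d "$iso_net" -j ACCEPT
    $IPTABLES -A FORWARD -i "$iso_if" -o "$lan_if" -s "$iso_net" -d "$lan_net" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Hosts on the isolated LAN need a route back to the corporate subnet via
# the Linux box (192.168.1.50 in the question). If they cannot be given one,
# rewrite the source of forwarded traffic to the router's own eth1 address.
masquerade_into() {  # masquerade_into <iso_if> <lan_net>
    $IPTABLES -t nat -A POSTROUTING -o "$1" -s "$2" -j MASQUERADE
}

# Usage: sh thisfile.sh apply   (as root on the Linux box)
if [ "${1:-}" = "apply" ]; then
    enable_ip_forward
    ip_forward_enabled || { echo "ip_forward still disabled" >&2; exit 1; }
    forward_rules eth0 10.6.100.0/22 eth1 192.168.1.0/24
    $IPTABLES -L FORWARD -v -n    # counters should now grow with traffic
fi
```

After applying, the packet counters on the FORWARD chain are the ones to watch; if they stay at zero, either forwarding is still off or the return route on the 192.168.1.x side is missing, which `masquerade_into eth1 10.6.100.0/22` works around.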