Originally posted here by Spyrus
I still think if you use the code from this site and edit it then it should work fine.

For instance, if you have everything come from the outside and hit a main server on the inside, then use that server to distribute the information to your internal network, I would assume it would work.... So you make the request to box2.domain.org, the request goes to a server, the server sees it


Given if you go this route you may have to change the ports internally but maybe not, it may just make the request if you have a name server inside your network or if you make your main server a Name Server also.

Just some thoughts for you

Hey Hey,

Good to see yer looking Spyrus, however this is ASP and will only work for a webserver. Since Dome wants to deal with SSH and other services it won't work. I used to run a similar Perl script on my server but it works because the HTTP protocol contains the SERVER_NAME variable, however when you receive SSH there's no way to distinguish between the name, like Tiger Shark mentioned......

I suppose you could rewrite applications .. I know you aren't a programmer, but if you could find yourself one... you'll be set.. here's what you'd need to do.

2 apps are required:
The first is an SSH Client that will let you specify your source port, who knows this may already exist.
The second is a gateway running, for lack of a better description, a modified version of PAT.

Basically what you do is have the gateway app look at the source port on the packets and forward them on to specific internal IPs based on the SRC port. Have it remember which source ports are associated with which Internal IPs.

You'd end up with something like this.

Gateway:
Forward SRC PORT 2222, DST PORT 22 to box1:22
Forward SRC PORT 2223, DST PORT 22 to box2:22
Forward SRC PORT 2224, DST PORT 22 to box3:22

SSH from X.X.X.X:2222 to ExternalIP:22, the gateway will forward you to box1.


Now that I've thought about it, ettercap does packet mangling, although I'm sure with some research you could find better software. Just configure a shitload of ettercap rules, and have it mangle the packets appropriately. Each forward rule above would be a filter and it would mangle the packet to contain the internal IP address, rather than the external address. This means you'll have to have 1 gateway PC that shares the net connection with the rest of the PCs (through switch, hub, whichever... 2 NICs in the PC).. however it should work, now all you have to do is find an SSH client that will let you specify the source port.

Peace,

HT

Damn, that took a while to write.

[Edit]
So... the more I look at that the more I realize it's a horrid idea, may as well just have them specify a different destination port... so how about this.

1 Gateway machine serving the rest of the machines, this is similar to the webpage of links idea. For HTTP use the script that was posted above, or grab a simple PHP/Perl one (you could get one that'll function in less than 10 lines). Then use CNAME entries to reference them for website access. For SSH, have a script listening on port 22 of the primary machine. When they log in, display a menu.. no shell available.. just a menu. Let them choose an internal machine (i.e. 1: Box1 2: Box2 3: Box3). They can then just hit a number (1,2,3) and be forwarded to that machine.

[/Edit]
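
The menu-only SSH login described in the [Edit] above, as an added example that is not part of the original post: the choice is matched against a fixed list, so nothing the user types reaches a command line and there is no path to a shell on the gateway. The box1/box2/box3 names come from the post; the function names, the `--menu` switch, the three-try limit and running the script as the gateway account's forced login command (for instance via sshd's `ForceCommand`) are assumptions.

```shell
#!/bin/sh
# Added example: menu-only login script for the SSH gateway (not from the post).
# Host names box1..box3 come from the post; everything else is an assumption.

# Map a menu choice to an internal host. Only exact matches are accepted,
# so user input is never passed to ssh or to a shell.
resolve_choice() {
    case "$1" in
        1) echo "box1" ;;
        2) echo "box2" ;;
        3) echo "box3" ;;
        *) return 1 ;;
    esac
}

print_menu() {
    echo "1: Box1"
    echo "2: Box2"
    echo "3: Box3"
    echo "q: Quit"
}

# Show the menu, read a choice, and hand the session to the chosen box.
# Invalid input re-prompts up to three times, then the session is dropped.
menu() {
    tries=0
    while [ "$tries" -lt 3 ]; do
        print_menu
        printf 'Choice: '
        IFS= read -r choice || return 1     # EOF: drop the session
        [ "$choice" = "q" ] && return 0
        if target=$(resolve_choice "$choice"); then
            # exec replaces this script, so when the inner session ends
            # the user is disconnected instead of landing on a prompt.
            exec ssh "$target"
        fi
        echo "Invalid choice."
        tries=$((tries + 1))
    done
    return 1
}

# Run the menu only when asked to, so the functions can be sourced and tested.
if [ "${1:-}" = "--menu" ]; then
    menu
fi
```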