Transparently proxying telnet traffic?

Question

We have written a tool to proxy telnet traffic, and fork the inbound/outbound streams for recording purposes (this is a testing tool to test a legacy system). However, we hit a snag. The legacy system relies on knowing a client's ip address in certain cases, but when we use our proxy the clients' addresses are all changed to the proxy's address. Since we control what machine the legacy systems uses as a gateway, I'm wondering if there isn't some way via iptables or some other packet mangling tech to spoof this. So, in other words, without the proxy we have:

[CLIENT A - 172.16.2.2]------|
[CLIENT B - 172.16.2.3]------|------------[SERVER sees CLIENT A as 172.16.2.2, B as 2.3, so on]
[CLIENT C - 172.16.2.4]------|

With the proxy we get:

[CLIENT A - 172.16.2.2]---|
[CLIENT B - 172.16.2.3]---|---[PROXY 172.16.2.5]--[SERVER sees all clients as 172.16.2.5]
[CLIENT C - 172.16.2.4]---|

What we need:

[CLIENT A - 172.16.2.2]---|
[CLIENT B - 172.16.2.3]---|---[PROXY 172.16.2.5]--[SERVER sees CLIENT A as 172.16.2.2, so on]
[CLIENT C - 172.16.2.4]---|

Is there any possible way to accomplish this?

Thanks!

Answer 1

This question is not really programming-related.

But you can do it with the Linux kernel facility TPROXY, which I believe is distributed separately from Linux.

TPROXY lets you transparently proxy traffic, making the client and server see their own original IP addresses. You can do other tricks too.

Answer 2

Instead of using a proxy, can you just put a network card into promiscuous mode and use tcpdump or something similar to capture what's going on?

Answer 3

How about some NATing: does the server really need to see the exact IP or just unique IPs for the clients? If not, how about doing:

172.16.88.2                     --- 172.16.2.2
172.16.88.3   ---  PROXY        --- 172.16.2.3   --- SERVER
172.16.88.4       w/ 3 IPs      --- 172.16.2.4