Forward traffic/packets through server (proxy/tunneling)

Question

I have two networks:

• My local network (192.168.1.0/24)
• IPTV network (10.0.0.0/8)

My current configuration of network is a little bit different as you could expect, but I can't change that since my ISP has some restrictions what it's possible to do. So my network consits of two routers:

• ISP's router which handles Internet+IPTV+Phone
• My router which is working like switch and run DNS server alongside disk shares and things like that

Inside IPTV network, there is a server which is dedicated to provide archive content recorded on different TV channels (also called timeshift). Connection to this server is limited and only computers which can access to IPTV network can stream the content. The problem is that the computer which can access to IPTV network must have configured one VLAN and static routes and I can't do that to few computers in local network, because I don't have some permissions. So I would need some workaround which would enable all computers to be able to stream content from dedicated server. Server is providing streams through RTSP protocol in MPEG-TS type.

I was already looking to setup RTSP proxy, but none of currently existing software (Live555, Darwin, rtmpd, proxy with avconv/ffmpeg) can't do the right thing in my case (I'm not able to correctly access stream - it's working for 10 secs and then I got RTSP packet loss; it's not possible to seek video). Another thing which I found is to configure router to forward packages to right gateway and do other stuff, but since I don't have access to ISP's router which is also my default gateway, this option is out. The third thing I found was SSH tunneling which looks amazing, but the problem is that I can't connect all computers to other computer which could access to stream, because I don't have permissions to install software on few computers (portable apps are also "blocked").

I'm thinking in the way of SSH tunneling - to setup a server with some service which would listen on a port, and all computers in my local network could connect to it. This server would just forward all those packets to the end point (dedicated server) and all packets would be sent back to the source points. Is possible to do that with some existing tool?

[EDIT] This is how my network looks like:

All devices connected both to my router and ISP modem are visible to each other, because the router is just "extending" existing ISP's modem network. The ISP's modem is probably routing 10.0.0.0/8 packets to some other internal gateway which is hidden in private network. VLAN configuration has defined other gateway than the 192.168.1.1 (by ISP modem) which is in 10.0.0.0/8 network.

Answer 1

Given what you've described, it appears your network is set up like this:

{Internet}  ---  [ISP Router] --- <10.x.x.x network w/ IP TV> --- [Your Router] --- 192.168.1.x

The problem you are describing is the result of the direction of the Default Gateway. In each case above, hosts in the 10.x.x.x network or the 192.168.1.x network will have a Default Gateway pointing to the device immediately to the left. (The 192.168.1.x points to your Router, the 10.x.x.x points to the ISP Router). This is correct and desired, because that is the direction that leads to the Internet.

What this creates is a situation where a host on the 10.x network knows of only two things (from the perspective of their network connectivity, at least).

• to speak to something on the 10.x network, speak to the local LAN
• to speak to anything else, send it to the ISP Router (aka, follow the default route)

The hosts on the 192.168.1.x network also know only two things:

• to speak to something on the 192.168.1.x network, speak to the local LAN
• to speak to anything else, send it to the "Your Router"

So, bringing it all together. Hosts on the 192.168.1.x network can send packets to hosts on the 10.x.x.x network. But when the hosts on the 10.x.x.x network try to respond, they know only to send the traffic out to the default gateway... which is precisely the opposite direction that the traffic should have gone. That is why the problem is happening.... which brings us to solutions, three of them, in fact:

(1)
Typically, you would want to create a Static Route on the hosts in the 10.x.x.x network to let them know of a "third thing" that the 192.168.1.x network is towards the direction of the "Your Router". BUT, this doesn't really scale very well if there are a lot of hosts on the 10.x network, or if you don't have access to make static routes on all of them.

(2)
If you have access to your ISP Router, you could a single Static route there, to inform the ISP Router that the 192.168.1.x network exists behind "Your router". BUT, depending on the make/model, you may run into issues with routing back out the interface traffic arrived on. While conceptually, this should work fine, a lot of vendors disable this behavior by default as a loop prevention strategy... which is acceptable behavior, but not for your intentions.

(3)
Which brings us to the third solution, and in my opinion, your best bet: You need to re-architect your Network. The goal is to let the default gateway naturally cause the communication to simply work.

{Internet}  --- [Your Router] --- 192.168.1.x
                      |
                      |
                 [ISP Router]
                      |
                      |
               10.x.x.x network

The position of "your router" and the ISP router can change. So long as you have this "T" like configuration. This makes it so hosts on both networks naturally flow towards the "Your Router", and since "Your Router" is directly connected to the two networks, as well as the Internet, it will be able to route traffic properly between those three directions.

Note: You will probably have to set up a transient network between the two routers. But so long as the ISP Router is NAT'ing, the same effect will be attained.

Answer 2

10.0.0 is not an ISP network, it's just a local network created for your use. On the Internet the router is known by another IP address which is certainly not 10.0.0. The job of the router is to convert addresses from local to Internet every time an internal program connects to the Internet, passing packets back and forth while substituting IP addresses.

To the program it seems that it's connected to the Internet, although only the ISP's router is really connected. For the ISP there is only one correspondent on your IP address, and all local->Internet connections come from the same IP address - the router's, and it's really the router that's doing the connecting to the Internet.

Therefore the simplest solution would be to let the ISP's router create your local network with addresses of 10.0.0.x, if it has DHCP server capability. Your router can probably be configured to also request its IP address, just as do all other computers or devices.

If the ISP's router doesn't have DHCP server capability, it will probably use for itself the address of 10.0.0.1. In that case you need to parameter your router not to use or allocate that address, but all other 10.0.0.x addresses can be used.

With all devices on the same network of 10.0.0.x, sharing resources across the network will become simple and straight-forward, with no need for VLAN and static routes.