Andreas Herrmann wrote:
> Hi there,
>
> I want to set up a gateway / firewall solution with Gentoo. The network
> has the following structure:
>
> Several hosts (host[1,...,x].domain.net) are defined within the DNS and
> all of them have the same A-Record with the IP 1.2.3.4
> The gateway is listening on its external network interface with the IP
> 1.2.3.4 and has an internal interface with a private subnet
> (192.168.0.0/24). The hosts (host[1,...,x].) are addressed in this
> subnet.
>
> How can it be solved, that the gateway opens a tunnel to the special
> host in the private subnet (let's say 192.168.0.3) if there is a query
> for host3.domain.net?
>
> In my opinion this cannot be done because the client queries the DNS
> and simply opens the connection to the IP 1.2.3.4 and the gateway has
> no hints how to decide to which internal host the tunnel should be
> opened.
>
> But this setup is possible because Microsoft ISA Server exactly does
> this job!
>
> I have no idea how to solve this. First idea was a kernel bridge
> between the interfaces.
>
> Do you have any hints for me?
>
> Thanks a lot!
>
> Andreas
>

Microsoft ISA Server is a Firewall/Proxy/Reverse-Proxy ...

So in your case, I suppose it does a reverse proxy job (not tunneling,
just working as a web client for the internal network).

I have already replaced several ISA servers with GNU/Linux solutions, with the
help of Apache and its mod_proxy ... that's imho your solution.

--
. /mRyOuNg/ . [ SoundBomb . Syn[Rj] ] .

mail: mryoung@×××××××××.net <mailto:mryoung@×××××××××.net>
web : mryoung.soundbomb.net <http://mryoung.soundbomb.net/>
--
gentoo-server@g.o mailing list
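
The reverse-proxy approach suggested in the reply, as an added example that is not part of the original thread or the poster's own configuration: the gateway picks the internal host from the HTTP Host header, which is the hint the bare IP 1.2.3.4 cannot carry. It assumes Apache httpd 2.4 syntax with mod_proxy and mod_proxy_http loaded and plain HTTP on port 80; the host1 to 192.168.0.1 mapping and the name gateway.invalid are assumptions.

```apache
# Added example (assumptions: httpd 2.4, mod_proxy + mod_proxy_http loaded).
# Addresses and host3 follow the thread; host1 -> 192.168.0.1 is assumed.

# Bind only to the external address of the gateway.
Listen 1.2.3.4:80

# Reverse proxy only: never relay arbitrary client-chosen URLs (open proxy).
ProxyRequests Off

# The first vhost is the default. It receives every request whose Host
# header matches none of the published names (for example a client that
# connects to http://1.2.3.4/ directly) and refuses it, so unknown names
# are never forwarded into 192.168.0.0/24.
<VirtualHost 1.2.3.4:80>
    ServerName gateway.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Host: host3.domain.net  ->  internal 192.168.0.3
<VirtualHost 1.2.3.4:80>
    ServerName host3.domain.net
    # Pass the original Host header on to the backend.
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.3/"
    # Rewrite Location headers in redirects so internal addresses do not leak.
    ProxyPassReverse "/" "http://192.168.0.3/"
</VirtualHost>

# Host: host1.domain.net  ->  internal 192.168.0.1 (assumed mapping)
<VirtualHost 1.2.3.4:80>
    ServerName host1.domain.net
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.1/"
    ProxyPassReverse "/" "http://192.168.0.1/"
</VirtualHost>
```

This only works for protocols that carry the requested name in the request, as HTTP does; other services reaching 1.2.3.4 still need one port per internal host.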