Gentoo Archives: gentoo-server

From: mRyOuNg <mryoung@×××××××××.net>
To: gentoo-server@l.g.o
Subject: Re: [gentoo-server] Routing into private subnet
Date: Fri, 18 Aug 2006 16:32:21
Message-Id: 44E5EAED.80800@soundbomb.net
In Reply to: [gentoo-server] Routing into private subnet by Andreas Herrmann
Andreas Herrmann wrote:
> Hi there,
>
> I want to set up a gateway / firewall solution with Gentoo. The network
> has the following structure:
>
> Several hosts (host[1,...,x].domain.net) are defined within the DNS and
> all of them have the same A-Record with the IP 1.2.3.4
> The gateway is listening on its external network interface with the IP
> 1.2.3.4 and has an internal interface with a private subnet
> (192.168.0.0/24). The hosts (host[1,...,x].) are addressed in this
> subnet.
>
> How can it be solved, that the gateway opens a tunnel to the special
> host in the private subnet (let's say 192.168.0.3) if there is a query
> for host3.domain.net?
>
> In my opinion this cannot be done because the client queries the DNS
> and simply opens the connection to the IP 1.2.3.4 and the gateway has
> now hints how to decide to which internal host the tunnel should be
> opened.
>
> But this setup is possible because Microsoft ISA Server exactly does
> this job!
>
> I have no idea how to solve this. First idea was a kernel bridge
> between the interfaces.
>
> Do you have any hints for me?
>
> Thanks a lot!
>
> Andreas
>
Microsoft ISA Server is a Firewall/Proxy/Reverse-Proxy ...

So in your case, I suppose it does a reverse proxy job (not tunneling,
just working as a web client for the internal network).

I already replaced several ISA servers with GNU/Linux solutions, with the
help of Apache and its mod_proxy ... that's imho your solution.

--
. /mRyOuNg/ . [ SoundBomb . Syn[Rj] ] .

mail: mryoung@×××××××××.net <mailto:mryoung@×××××××××.net>
web : mryoung.soundbomb.net <http://mryoung.soundbomb.net/>
--
gentoo-server@g.o mailing list
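
The reverse-proxy approach suggested in the reply, as an added example that is not part of the original message or a configuration anyone in the thread posted: Apache 2.4 name-based virtual hosts on 1.2.3.4 pick the internal host from the HTTP Host header, so this works for HTTP traffic only. Only host3 -> 192.168.0.3 comes from the thread; the host1 -> 192.168.0.1 mapping, the catch-all name, and mod_proxy plus mod_proxy_http being loaded are assumptions.

```apache
# Added example, Apache 2.4 syntax.
# Assumes mod_proxy and mod_proxy_http are already loaded.

# Reverse proxy only: never relay requests to arbitrary destinations.
ProxyRequests Off

# The first virtual host on an address is the default. It catches requests
# whose Host header matches none of the names below and refuses them, so an
# unknown name never falls through to an internal machine.
<VirtualHost 1.2.3.4:80>
    ServerName catchall.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# Mapping taken from the thread: host3.domain.net -> 192.168.0.3
<VirtualHost 1.2.3.4:80>
    ServerName host3.domain.net
    # Pass the original Host header on to the internal server.
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.3/"
    # Rewrite Location headers in redirects issued by the backend.
    ProxyPassReverse "/" "http://192.168.0.3/"
</VirtualHost>

# Assumed mapping (not stated in the thread): host1.domain.net -> 192.168.0.1
<VirtualHost 1.2.3.4:80>
    ServerName host1.domain.net
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.1/"
    ProxyPassReverse "/" "http://192.168.0.1/"
</VirtualHost>
```

The internal hosts see every connection as coming from the gateway's internal address, so per-client logging on them has to use the X-Forwarded-For header that mod_proxy_http adds.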

Replies

Subject Author
Re: [gentoo-server] Routing into private subnet Andreas Herrmann <sma@××××××××××××××××.de>