A friend told me that ISA server is able to do this and it actually works.
I also cannot believe this because the FQDN isn't sent with the SSH
request. Maybe it is done indirectly by tunneling SSH in HTML if this is
possible.

Yes, with different ports it can be easily solved by NAT.

I think there is no direct solution for this problem if you just want to
use simple SSH. The gateway cannot decide about the destination host
because the FQDN isn't transmitted in the establishment of an SSH
connection. Is this true?

Andreas

Sean Cook wrote:
> Is ISA server doing this for SSH, Mail ...? SSH in particular would be
> extremely difficult unless you nat a different port for each host. The only
> reason you are able to do this is that http passes the hostname with the
> request to the webserver and the proxy can determine how to handle it.
>
> Sean
>
> On 18-Aug-2006, Andreas Herrmann wrote:
>> We don't have enough public IPs but we want to have several real
>> servers for different customers (SSH, Mail, etc.) in the private subnet.
>>
>> I also plan to switch from Microsoft ISA Server to an
>> Open-Source-Solution with Linux. The solution can be simply done for
>> webservers, but we need a solution for several services.
>>
>> I try to figure out the problem with a simple example:
>> host1.domain.net IN A 1.2.3.4
>> host2.domain.net IN A 1.2.3.4
>> The gateway (1.2.3.4) should dynamically open a tunnel to
>> 192.168.0.1 if the query is for host1.domain.net
>> and to
>> 192.168.0.2 if the query is for host2.domain.net
>>
>> If you need more details feel free to ask.
>>
>> Andreas
>>
>>
>> Sean Cook wrote:
>>> My question is really what is the purpose? Are these webservers? Do they
>>> have different services? You could use apache with mod_proxy for
>>> webservices...
>>>
>>> If you can give a few other details as to what you are trying to
>>> accomplish, I might be able to help a bit more.
>>>
>>> Sean
>>>
>>> On 18-Aug-2006, Andreas Herrmann wrote:
>>>> Hi there,
>>>>
>>>> I want to setup a gateway / firewall solution with Gentoo. The network
>>>> has the following structure:
>>>>
>>>> Several hosts (host[1,...,x].domain.net) are defined within the DNS and
>>>> all of them have the same A-Record with the IP 1.2.3.4
>>>> The gateway is listening on its external network interface with the IP
>>>> 1.2.3.4 and has an internal interface with a private subnet
>>>> (192.168.0.0/24). The hosts (host[1,...,x].) are addressed in this subnet.
>>>>
>>>> How can it be solved, that the gateway opens a tunnel to the special
>>>> host in the private subnet (let's say 192.168.0.3) if there is a query
>>>> for host3.domain.net?
>>>>
>>>> In my opinion this cannot be done because the client queries the DNS and
>>>> simply opens the connection to the IP 1.2.3.4 and the gateway has no
>>>> hints how to decide to which internal host the tunnel should be opened.
>>>>
>>>> But this setup is possible because Microsoft ISA Server exactly does
>>>> this job!
>>>>
>>>> I have no idea how to solve this. First idea was a kernel bridge between
>>>> the interfaces.
>>>>
>>>> Do you have any hints for me?
>>>>
>>>> Thanks a lot!
>>>>
>>>> Andreas
>>>>
>>>> --
>>>> gentoo-server@g.o mailing list
>>>>
>>
>> --
>> gentoo-server@g.o mailing list
>>


--
gentoo-server@g.o mailing list
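
Added example, not part of the original thread: a sketch of what a gateway on 1.2.3.4 can learn from the first bytes a client sends, showing why name-based routing works for HTTP (Host header) but not for plain SSH, where only the destination port is left to decide on. The function names, the external ports 2201/2202 and the sample byte strings are assumptions made for illustration; the backend addresses follow the thread's example.

```python
# Backend addresses are taken from the thread's example.
BACKENDS_BY_NAME = {              # name-based routing, only usable for HTTP
    "host1.domain.net": "192.168.0.1",
    "host2.domain.net": "192.168.0.2",
}
BACKENDS_BY_PORT = {              # port-based routing, what NAT can do for SSH
    2201: "192.168.0.1",          # assumed external ports, not from the thread
    2202: "192.168.0.2",
}


def requested_name(first_bytes: bytes):
    """Return the hostname named in the client's opening bytes, or None
    when the protocol does not carry one."""
    if first_bytes.startswith(b"SSH-"):
        # SSH identification string: "SSH-protoversion-softwareversion ...".
        # It names the client software, never the host the user typed.
        return None
    head, _, _ = first_bytes.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:      # skip the request line
        key, sep, value = line.partition(b":")
        if sep and key.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            return host.partition(":")[0]     # drop an optional ":port"
    return None


def pick_backend(first_bytes: bytes, dst_port: int):
    """Choose an internal host: by name when the protocol reveals one,
    otherwise by the external port the client connected to."""
    name = requested_name(first_bytes)
    if name is not None:
        return BACKENDS_BY_NAME.get(name)     # None for unknown names
    return BACKENDS_BY_PORT.get(dst_port)     # None when the port is unmapped


# Constructed sample inputs (not captured traffic).
HTTP_HOST2 = b"GET / HTTP/1.1\r\nHost: host2.domain.net\r\n\r\n"
SSH_HELLO = b"SSH-2.0-OpenSSH_4.3\r\n"

if __name__ == "__main__":
    print(pick_backend(HTTP_HOST2, 80))    # routed by Host header
    print(pick_backend(SSH_HELLO, 22))     # shared port 22: nothing to decide on
    print(pick_backend(SSH_HELLO, 2202))   # per-host port: routed by NAT mapping
```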