Hi,

I would recommend you: VPN (tinc, openvpn) between router1 and router2, and set router2 to be the default gw for router1. But, for example, tinc is running on a different port than 22, so create an SSH tunnel from router1 to router2. On router1 type:

    ssh -L <anythingYouWant>:localhost:<VPNport> router2

and then force all VPN (maybe tinc..) packets not to go directly from router1 to router2, but through the VPN. Try on router1:

    iptables -t nat -A OUTPUT -p tcp -d router2 --dport <VPNport> -j REDIRECT --to-ports <anythingYouWant>

I am not sure if it will work, but it may help you.

Best regards
Matis

> I have this kind of network:
>
>   /==========\     /==========\     /==========\
>   | ROUTER 1 |-----| FIREWALL |-----| INTERNET |
>   \==========/     \==========/     \==========/
>        |                |
>   /==========\     /==========\
>   |   LAN    |     | ROUTER 2 |
>   \==========/     \==========/
>
> The firewall allows only ports 80 and 443 to the internet and 22
> to the ROUTER 2. It also allows everything from ROUTER 2 to the
> internet. Fortunately, I have root access to ROUTER 2. So the
> question is: can I make a tunnel from ROUTER 1 to ROUTER 2 only
> via port 22 (ssh) so that I could gain full access to the internet?
>
> (Problem is that our servers on the internet all have nonstandard
> ports set and the only way for us to access them is either [connect to
> ROUTER 2 and then connect to the servers] or [make a bunch of single
> ssh tunnels to the servers via ROUTER 2].)

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
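Added example, not part of Matis's reply or of the original question: a small shell script for ROUTER 1 that carries out the steps suggested in the reply in order (SSH port forward, nat REDIRECT, VPN over the forward, default route via ROUTER 2), with the flags and the one extra route a practitioner would want. Every address, port and function name in it is an assumption: 198.51.100.20 for ROUTER 2, 192.0.2.1 for the firewall (ROUTER 1's current next hop), 10.9.0.1 for ROUTER 2's address inside the VPN, 655 (tinc's default listening port) for the VPN port and 6655 for the local forward port.

```shell
#!/bin/sh
# Added example (not from the original post): scripted version of the
# "ssh -L + REDIRECT + VPN over the forward" setup, to be run on ROUTER 1.
# All values below are assumptions for illustration; override via environment.
#   ROUTER2    - address of ROUTER 2 as reachable through the firewall on tcp/22
#   FW_GW      - ROUTER 1's current next hop (the firewall), kept as route to ROUTER 2
#   VPN_PORT   - TCP port the VPN daemon listens on at ROUTER 2 (655 = tinc default)
#   LOCAL_PORT - the "anythingYouWant" port that ssh -L binds on ROUTER 1
#   VPN_GW     - ROUTER 2's address inside the VPN, used as the new default route
# DRY_RUN=1 prints the commands instead of executing them.

ROUTER2="${ROUTER2:-198.51.100.20}"
FW_GW="${FW_GW:-192.0.2.1}"
VPN_PORT="${VPN_PORT:-655}"
LOCAL_PORT="${LOCAL_PORT:-6655}"
VPN_GW="${VPN_GW:-10.9.0.1}"
DRY_RUN="${DRY_RUN:-0}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Step 1: pin the route to ROUTER 2 through the firewall. Without this,
# once the VPN becomes the default route, the ssh session that carries the
# VPN would itself be routed into the VPN (a loop) and everything stalls.
pin_router2_route() {
    run ip route replace "$ROUTER2" via "$FW_GW"
}

# Step 2: the port forward. -N (no remote shell), -f (background after auth),
# ExitOnForwardFailure so a busy LOCAL_PORT fails loudly instead of leaving a
# session with no forward; ServerAlive* keeps the firewall's connection
# state from expiring while the tunnel is idle.
open_ssh_forward() {
    run ssh -N -f \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -L "127.0.0.1:${LOCAL_PORT}:127.0.0.1:${VPN_PORT}" "$ROUTER2"
}

# Step 3: the REDIRECT rule. --dport needs a protocol match (-p tcp), which
# the rule in the reply lacks. REDIRECT in the OUTPUT chain rewrites the
# destination of locally generated packets to 127.0.0.1:LOCAL_PORT, so the
# VPN daemon's connect() to ROUTER2:VPN_PORT lands in the ssh forward.
# ssh -L carries TCP only, so the VPN must run in TCP mode
# (tinc: "TCPOnly = yes" in tinc.conf; OpenVPN: "proto tcp-client").
add_redirect_rule() {
    run iptables -t nat -A OUTPUT -p tcp -d "$ROUTER2" --dport "$VPN_PORT" \
        -j REDIRECT --to-ports "$LOCAL_PORT"
}

# Step 4: once the VPN interface is up, send everything else via ROUTER 2.
set_default_via_vpn() {
    run ip route replace default via "$VPN_GW"
}

# Undo steps 3 and 4 (the pinned host route is harmless and is left in place).
teardown() {
    run iptables -t nat -D OUTPUT -p tcp -d "$ROUTER2" --dport "$VPN_PORT" \
        -j REDIRECT --to-ports "$LOCAL_PORT"
    run ip route replace default via "$FW_GW"
}

main() {
    pin_router2_route
    open_ssh_forward
    add_redirect_rule
    echo "now start the VPN daemon in TCP mode, then call set_default_via_vpn"
}

# Nothing runs unless invoked as "sh tunnel.sh run", so the file can also be
# sourced to call the individual functions.
case "${1:-}" in run) main ;; esac
```

Run it on ROUTER 1 as `sh tunnel.sh run` (with `DRY_RUN=1` to review the commands first), start the VPN daemon configured TCP-only, and call `set_default_via_vpn` once the tunnel interface exists. The host route to ROUTER 2 is installed before anything else on purpose: the reply's plan replaces ROUTER 1's default route with one through the VPN, and without a more specific route the ssh connection that carries the VPN would be sent into the VPN it carries.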