so far no answer ... what is the right place to ask this ?

Thx,

Jan

On Thu, 26 Jul 2001, Jan Vicherek wrote:

>
> Hi,
>
> This is a question for experts, I guess :
>
> I have two machines A and B. Both are on the Net, with A-public-IP and
> B-public-IP. But B is not allowed to accept any connections from the Net
> (from public) on B-public-IP (except for a VPN ssl-VPN connection from
> machine A). Machine A is allowed to accept any connections, but it doesn't
> have the software needed to properly respond to the incoming TCP or UDP
> requests. So it needs to forward *all* (except for SSH port) incoming
> traffic requests to machine B. (I already have a ssl-pppd-based VPN
> tunneling from private network traffic between A and B).
>
> How do I configure Linux-2.4.x + ipchains + whatever (do I need any
> other software?) on these two machines A&B, to be able to:
>
> 1. originate ftp/http/telnet/ssh connections from machineA's A-public-IP
> to the Net.
>
> 2. any requests incoming into machineA+A-public-IP forward to machineB's
> A-public-IP, process and respond back on machineB's A-public-IP,
> forwarding back to machine A, coming out of machineA's A-public-IP to the
> requestor on the net. ( The reason why I need A-public-IP on machine B is
> because the protocols that B handles, sometimes include in their payload
> the IP and port of the machine processing the requests, which has to be
> A-public-IP, because the client would then contact that IP in the payload,
> and only machine A is allowed to accept connections from public. )
>
> Another way to say this is : Machine A forwards *all* incoming TCP & UDP
> traffic to the same IP on machine B. Except that A has to be able to
> accept port 22 from the Net and originate ftp/http/telnet/ssh connections
> onto the Net through A-public-IP.
>
> How do I need to configure A & B ? (ipchains ? ip route ? dummy
> interfaces ? ppp interfaces ? )
>
> Thanx in advance,
>
> *all* comments on this topic are welcome !
>
> Jan
>
> PS: I didn't find this in the HOWTO, I guess this kind of setup is quite
> rare.
>
> PS2: Under this kind of setup, a machine C on the net could do
> contact ftp://A-public-IP/, and it would be machine B (*not* machine A),
> which would be running the FTP server. And all the FTP modes that would
> work on machine A would work under the setup I'm seeking to establish.
>
>

--
-- Gospel of Jesus is the saving power of God for all who believe --
## To some, nothing is impossible. ## http://Honza.Vicherek.com/