On Tue, Mar 09, 2004 at 08:46:46AM +0000, Antony Stone wrote:
> On Tuesday 09 March 2004 7:54 am, Nilesh wrote:
>
> > 203.129.224.149 is my firewall machine running
> > IPTABLES and 192.168.0.22 is my local machine on 2090
> > port service is running
> >
> > 202.129.227.3 is his firewall IP and 192.168.1.25 is
> > his local machine where on 2090 port services is
> > running
> >
> > I want to communicate this both internal
> > machines(192.168.0.22 and 192.168.1.25) through
> > firewall
>
> If you want his 192.168.1.0/24 network to be able to communicate with your
> 192.168.0.0/24 network then you should investigate IP in IP tunnelling /
> encapsulation (see the Linux Advanced Routing Guide at http://lartc.org for a
> simple guide to how to do this), or else set up a VPN (eg : FreeS/WAN, or the
> IPsec implementation built into the 2.6 kernel).

Or he could use MASQ on both sides with 2 dnat rules

on 203.129.224.149

# Masquerade outbound connections from the local host to port 2090
iptables -t nat -I POSTROUTING -o IF_INTERNET -s 192.168.0.22 -p tcp --dport 2090 -j MASQUERADE
# Redirect connections arriving from the peer firewall to the local host
iptables -t nat -I PREROUTING -i IF_INTERNET -d 203.129.224.149 -s 202.129.227.3 -p tcp --dport 2090 -j DNAT --to-destination 192.168.0.22
# After DNAT the packet is routed on to 192.168.0.22, so it traverses FORWARD rather than INPUT
iptables -t filter -I FORWARD -i IF_INTERNET -d 192.168.0.22 -p tcp --dport 2090 -j ACCEPT

and then the reverse on the other side. Presumed tcp and could use SNAT instead of MASQ

>
> Regards,
>
> Antony.
>
> --
> If at first you don't succeed, destroy all the evidence that you tried.
>
> Please reply to the list;
> please don't CC me.
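The "reverse on the other side" rule set from the reply above, written out for both firewalls as an added example (not part of the original thread). The script only prints the commands; IF_INTERNET is the thread's placeholder interface name, gen_rules is a hypothetical helper, and restricting every rule to the peer firewall's address plus the conntrack return rule are assumptions about the desired filter policy.

```shell
#!/bin/sh
# Added example: prints (does not apply) the NAT and filter rules for one side
# of the MASQ + DNAT setup, so both firewalls get a mirrored, peer-restricted
# rule set. IF_INTERNET stands for the Internet-facing interface.

gen_rules() {
    # $1 = this firewall's public IP   $2 = local host running the service
    # $3 = peer firewall's public IP   $4 = TCP port of the service
    pub=$1; host=$2; peer=$3; port=$4
    cat <<EOF
iptables -t nat -I POSTROUTING -o IF_INTERNET -s $host -d $peer -p tcp --dport $port -j MASQUERADE
iptables -t nat -I PREROUTING -i IF_INTERNET -s $peer -d $pub -p tcp --dport $port -j DNAT --to-destination $host
iptables -I FORWARD -i IF_INTERNET -s $peer -d $host -p tcp --dport $port -j ACCEPT
iptables -I FORWARD -o IF_INTERNET -s $host -d $peer -p tcp --dport $port -j ACCEPT
iptables -I FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Addresses taken from the thread.
echo "# on 203.129.224.149"
gen_rules 203.129.224.149 192.168.0.22 202.129.227.3 2090
echo "# on 202.129.227.3"
gen_rules 202.129.227.3 192.168.1.25 203.129.224.149 2090
```

With these rules each internal host reaches the other by connecting to the remote firewall's public address on port 2090, and the forwarded port is reachable only from the peer firewall's address rather than from the whole Internet.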