On Tue, Mar 09, 2004 at 09:20:04AM +0000, Antony Stone wrote:
> On Tuesday 09 March 2004 9:10 am, Alexander Samad wrote:
>
> > On Tue, Mar 09, 2004 at 08:46:46AM +0000, Antony Stone wrote:
> > > On Tuesday 09 March 2004 7:54 am, Nilesh wrote:
> > > > 203.129.224.149 is my firewall machine running
> > > > IPTABLES and 192.168.0.22 is my local machine on 2090
> > > > port service is running
> > > >
> > > > 202.129.227.3 is his firewall IP and 192.168.1.25 is
> > > > his local machine where on 2090 port services is
> > > > running
> > > >
> > > > I want to communicate this both internal
> > > > machines(192.168.0.22 and 192.168.1.25) through
> > > > firewall
> > >
> > > If you want his 192.168.1.0/24 network to be able to communicate with
> > > your 192.168.0.0/24 network then you should investigate IP in IP
> > > tunnelling / encapsulation (see the Linux Advanced Routing Guide at
> > > http://lartc.org for a simple guide to how to do this), or else set up a
> > > VPN (eg : FreeS/WAN, or the IPsec implementation built into the 2.6
> > > kernel).
> >
> > Or he could use MASQ on both sides with 2 dnat rules
>
> True, however this is not a scalable solution (won't work for more than one
> client or server at each end of the link for example), and it means that the
> client and server see the public addresses of the other end, not the private
> ones (although you could probably overcome this with another couple of SNAT
> rules loaded on top).

True, just doing it simple for the one off.

>
> It would probably work okay in a restricted situation such as Nilesh
> specified, however.
>
> Regards,
>
> Antony.
>
> --
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> A: Top-posting.
> Q: What is the most annoying thing on usenet and in e-mail?
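The "MASQ on both sides with 2 dnat rules" setup discussed in the thread, as an added example that is not part of the original messages: one DNAT rule per firewall, each accepting only the other firewall's public address, which is the source each end sees because the peer masquerades. The function name `gen_rules`, the TCP protocol and the external interface `eth0` are assumptions; the addresses and port are the ones Nilesh gave.

```shell
#!/bin/sh
# Added example: prints the iptables commands instead of running them,
# so the rule set can be reviewed first and then piped to sh as root.
# Assumptions (not stated in the thread): the service on port 2090 is TCP,
# the Internet-facing interface is eth0, and IP forwarding is already
# enabled (sysctl -w net.ipv4.ip_forward=1).

# gen_rules PUBLIC_IP PEER_PUBLIC_IP LAN_HOST PORT [WAN_IF]
gen_rules() {
    pub=$1; peer=$2; host=$3; port=$4; wan=${5:-eth0}
    cat <<EOF
iptables -t nat -A PREROUTING -i $wan -s $peer -d $pub -p tcp --dport $port -j DNAT --to-destination $host:$port
iptables -A FORWARD -i $wan -s $peer -d $host -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o $wan -s $host -d $peer -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
EOF
}

echo "# Rules for Nilesh's firewall (203.129.224.149)"
gen_rules 203.129.224.149 202.129.227.3 192.168.0.22 2090

echo "# Rules for the remote firewall (202.129.227.3)"
gen_rules 202.129.227.3 203.129.224.149 192.168.1.25 2090
```

Each internal machine then connects to the other firewall's public address on port 2090, not to the private address, which is the limitation Antony points out.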