Le mar 30/03/2004 à 22:50, Antony Stone a écrit : > Okay. You want a VPN (I use http://www.freeswan.org), a simple IP tunnel > (http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.tunnel.ip-ip.html), or > else some clever DNAT rules one end, and SNAT rules the other. I would rather advise GRE tunnel use, for its better interroperability (e.g. Linux IPIP tunnels are not totally functionnal with BSD ones). Moreover, you can have multiple GRE tunnels, although, afaik, you can only have one IPIP tunnel. BTW, you're totaly right, tunneling seems to be the best answer to Cody's problem. NAT based solution will need some packet flaging, usually performed modifying TOS (instead of TTL). But packets may cross routers/firewalls that can reject thoses packets or reset TOS value (or alter TTL). My 0.02€ to the discussion ;) -- http://www.netexit.com/~sid/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread!
