[plug] Slightly OT? cascading proxies

Campbell, David (Ex AS17) david.j.campbell at honeywell.com
Wed Oct 4 15:51:56 WST 2000

>>> What I'd like to be able to achieve is to give my users who are at
>>> the "remote" site (= foreign subnet) access to the local resources.
>>> There  is no chance of holes being punched in firewalls (already
>>> explored this avenue) and the owners of the local subnet resources
>>> cannot / will not allow for additional subnets to be part of the
>>> list of "friendly" subnets.
>> Use IPMasq/IPChains and convert the remote subnet IP numbers into
>> IP numbers which appear to be local.
> Eh? .. How will that work (or rather, be implemented)?
> Sorry to keep it on the list, but that sounds very interesting.

It is achieved by building a Virtual Private Network, the exact
methodology is dependent on where Linux boxes can be installed.
The critical bit here is to remember that IPMasq/IPChains can
map an entire sub-net into a single IP number on another network.

For example, my home PC setup:

ISP <==MODEM==> Dialup Box [486+Linux] <==+ 10 MBit Lan
                                          +==> PC1
                                          +==> PC2

PC1 =
PC2 =
Dialup Box = + ISP_IP_Number

The dialup box converts the requests from PC1 & PC2 into
the IP number provided by the ISP (via PPP).

Using the above example, throw a Linux box as a bridge between
the remote LAN and the local LAN and translate requests
comming from the remote site into a single IP number on the
local LAN (and hence is OK).

I hope this sheds some light on my suggestion...

David Campbell

More information about the plug mailing list