[plug] Slightly OT? cascading proxies
Campbell, David (Ex AS17)
david.j.campbell at honeywell.com
Wed Oct 4 15:51:56 WST 2000
>>> What I'd like to be able to achieve is to give my users who are at
>>> the "remote" site (= foreign subnet) access to the local resources.
>>> There is no chance of holes being punched in firewalls (already
>>> explored this avenue) and the owners of the local subnet resources
>>> cannot / will not allow for additional subnets to be part of the
>>> list of "friendly" subnets.
>> Use IPMasq/IPChains and convert the remote subnet IP numbers into
>> IP numbers which appear to be local.
> Eh? .. How will that work (or rather, be implemented)?
> Sorry to keep it on the list, but that sounds very interesting.
It is achieved by building a Virtual Private Network, the exact
methodology is dependent on where Linux boxes can be installed.
The critical bit here is to remember that IPMasq/IPChains can
map an entire sub-net into a single IP number on another network.
For example, my home PC setup:
ISP <==MODEM==> Dialup Box [486+Linux] <==+ 10 MBit Lan
PC1 = 126.96.36.199
PC2 = 188.8.131.52
Dialup Box = 184.108.40.206 + ISP_IP_Number
The dialup box converts the requests from PC1 & PC2 into
the IP number provided by the ISP (via PPP).
Using the above example, throw a Linux box as a bridge between
the remote LAN and the local LAN and translate requests
comming from the remote site into a single IP number on the
local LAN (and hence is OK).
I hope this sheds some light on my suggestion...
More information about the plug