Hi all,
here is my problem:
our users at the remote sites are connected to our central
site over the network of a private net provider. The provider routes only
internal IP addresses. We have a subnetted 10.8. address range. The remote users
have an application which connects to a server on the internet with telnet.
Because this official server IP address isn't routed by the provider, there is
the need to find a solution. Up to now I had two ideas:
1. NAT - will this work?
The application config at the remote site will
get a dummy IP address (no real server behind it) of a telnet server. This
dummy IP is out of the range of an IP segment from behind the FW-1 (from the sight of the remote
hosts). The remote hosts are hidden behind the official internet
address (hide mode). The real telnet server is addressed by static destination
mode. Now the rules. I will focus on the NAT rules.
                   Original                                   Translated
Source             Destination          Service    Source           Destination               Service
remote network     dummy telnet         telnet     netz_hide (H)    real telnet server (S)    telnet
I couldn't find this double NAT in the Check Point literature. A
first (quick and dirty) try had no success; the connection was dropped by the
cleanup rule.
2. transparent proxying
The second idea is a transparent proxy. For example a Linux
host in the local network with the new kernel 2.4 and iptables. The Linux host
then could NAT (and proxy) the remote hosts, and the internal IP
address of the Linux host could be NATed by the FW-1.
Will this work?
Any other solutions?
André
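Added example, not from the post or from Check Point: a small Python model of the double NAT in idea 1, using constructed addresses. It assumes the FireWall-1 4.x order of operations (the security rule base is evaluated on the packet as it arrives, NAT is applied afterwards), so the security rule has to name the dummy address the remote hosts actually send to; a rule that names the real server instead never matches and falls through to the cleanup rule.

```python
import ipaddress
from dataclasses import dataclass, replace

# Constructed addresses standing in for the objects in the post (not real hosts).
REMOTE_NET = ipaddress.ip_network("10.8.4.0/24")     # one remote site segment
DUMMY_IP = ipaddress.ip_address("10.8.250.10")       # dummy telnet server, "behind" the FW-1
HIDE_IP = ipaddress.ip_address("192.0.2.1")          # official address used for hide NAT (H)
REAL_SERVER = ipaddress.ip_address("198.51.100.23")  # real telnet server on the internet (S)
TELNET = 23

@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int

def packet(src: str, dst: str, dport: int = TELNET) -> Packet:
    return Packet(ipaddress.ip_address(src), ipaddress.ip_address(dst), dport)

def rulebase_allows(pkt: Packet, rules) -> bool:
    """Security rule base, checked on the untranslated packet (assumed FW-1 order).
    Each rule is (source network, destination address, dport, action); first match wins,
    and the implicit cleanup rule drops anything that matched no rule."""
    for src_net, dst, dport, action in rules:
        if pkt.src in src_net and pkt.dst == dst and pkt.dport == dport:
            return action == "accept"
    return False  # cleanup rule

def apply_nat(pkt: Packet) -> Packet:
    """The double NAT from the post: remote net -> dummy IP on telnet becomes
    hide-NAT'd source H and static destination S, service unchanged."""
    if pkt.src in REMOTE_NET and pkt.dst == DUMMY_IP and pkt.dport == TELNET:
        return replace(pkt, src=HIDE_IP, dst=REAL_SERVER)
    return pkt

def forward(pkt: Packet, rules):
    """Translated packet if the rule base accepts it, None if it is dropped."""
    if not rulebase_allows(pkt, rules):
        return None
    return apply_nat(pkt)

# Rule written against the real (post-NAT) server: never matches the arriving packet.
RULES_REAL = [(REMOTE_NET, REAL_SERVER, TELNET, "accept")]
# Rule written against the dummy (pre-NAT) address the remote hosts actually use.
RULES_DUMMY = [(REMOTE_NET, DUMMY_IP, TELNET, "accept")]

if __name__ == "__main__":
    pkt = packet("10.8.4.17", "10.8.250.10")
    print("rule on real server:", forward(pkt, RULES_REAL))   # None (cleanup rule)
    print("rule on dummy IP:   ", forward(pkt, RULES_DUMMY))  # src H, dst S, port 23
```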