Hi all,
Here is my problem:
Our users at the remote sites are connected to our central
site over the network of a private net-provider. The provider routes only
internal IP addresses. We have a subnetted 10.8. address range. The remote
users have an application which connects to a server on the Internet with
telnet. Because this official server IP address isn't routed by the provider,
there is a need to find a solution. Up to now I have had two ideas:
1. NAT - will this work?
The application config at the remote
site will get a dummy IP address (no real server behind it) of a telnet
server. This dummy IP is out of the range of an IP segment behind the FW1 (as
seen from the remote hosts). The remote hosts are hidden behind the
official Internet address (hide mode). The real telnet server is addressed by
static destination mode. Now the rules. I will focus on the
NAT rules.
Source          Destination    Service    source          destination             service
remote network  dummy telnet   telnet     netz_hide(H)    real telnet server(S)   telnet
I couldn't find this double NAT in the Check Point literature.
A first (quick and dirty) try had no success. The connection was dropped by
the clearing rule.
2. Transparent proxying
The second idea is a transparent proxy. For example, a Linux
host in the local network with the new kernel 2.4 and iptables. The Linux host
could then NAT (and proxy) the remote hosts, and the internal IP
address of the Linux host could be NATed by the FW1.
Will this work?
Any other solutions?
André
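
Added example, not part of the original post: a sketch of the NAT side of idea 2 as a ruleset for iptables-restore on the Linux 2.4 host. The function name gen_nat_rules and all addresses (10.8.250.1 as dummy, 192.0.2.10 as real server, 10.8.0.0/16 as remote network) are constructed placeholders, and the sketch assumes the dummy address is routed to the Linux host and that IP forwarding is enabled there.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the Linux NAT host.
# Nothing is applied here; the output is meant for review, then
# "iptables-restore < file" as root on the NAT host.

# gen_nat_rules DUMMY_IP REAL_IP REMOTE_NET  (hypothetical helper)
gen_nat_rules() {
    if [ $# -ne 3 ]; then
        echo "usage: gen_nat_rules DUMMY_IP REAL_IP REMOTE_NET" >&2
        return 2
    fi
    dummy=$1
    real=$2
    remote_net=$3
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Destination NAT: telnet to the dummy address is rewritten to the real server
-A PREROUTING -s $remote_net -d $dummy -p tcp --dport 23 -j DNAT --to-destination $real
# Source NAT: the remote hosts leave with the internal address of this host,
# which the firewall can then hide behind the official address
-A POSTROUTING -s $remote_net -d $real -p tcp --dport 23 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Forward only the translated telnet flow and its replies, drop everything else
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $remote_net -d $real -p tcp --dport 23 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values (placeholders, not from the post)
gen_nat_rules 10.8.250.1 192.0.2.10 10.8.0.0/16
```

Connection tracking reverses both translations for the reply packets, so no separate rules are needed for the return direction.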