
Re: [FW1] NAT and/or Telnet Proxying



Hi David, after 2 weeks in Crete I'm back and ready to answer your question. We have 2 DIFFERENT providers! One for the Internet connectivity, and the second is a provider which connects our remote offices to our central site. So, the addresses we are NATing are official Internet addresses.
 
André
-----Original Message-----
Sent: Monday, May 21, 2001 16:35
Subject: RE: [FW1] NAT and/or Telnet Proxying

Andre, I'm not quite sure I understand the problem. It sounds like your provider is giving you only private addresses for your outside network. If that's true, then the address you're using for NAT will also be private, right? So you won't be able to get to it from the Internet, at all.
 
Unless I misunderstood your post...
 
-- DS
-----Original Message-----
From: André Münch [mailto:[email protected]]
Sent: Thursday, May 17, 2001 7:44 AM
To: '[email protected]'
Subject: [FW1] NAT and/or Telnet Proxying

Hi all,
 
here is my problem:
 
Our users at the remote sites are connected to our central site over the network of a private net provider. The provider routes only internal IP addresses. We have a subnetted 10.8. address range. The remote users have an application which connects to a server on the Internet with telnet. Because this official server IP address isn't routed by the provider, there is the need to find a solution. Up to now I had two ideas:
 
1. NAT - will this work?
The application config at the remote site will get a dummy IP address (no real server behind it) of a telnet server. This dummy IP is out of the range of an IP segment behind the FW1 (as seen from the remote hosts). The remote hosts are hidden behind the official Internet address (hide mode). The real telnet server is addressed by static destination mode. Now the rules. I will focus on the NAT rules.
 
Source          Destination   Service | source        destination            service
remote network  dummy telnet  telnet  | netz_hide(H)  real telnet server(S)  telnet
 
I couldn't find this double NAT in the Check Point literature. A first (quick and dirty) try had no success. The connection was dropped by the clearing rule.
 
2. transparent proxying
The second idea is a transparent proxy. For example, a Linux host in the local network with the new kernel 2.4 and iptables. The Linux host could then NAT (and proxy) the remote hosts, and the internal IP address of the Linux host could be NATed by the FW1.
Will this work?
 
Any other solutions?
 
André
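
Added example, not part of the original thread: a sketch of the double NAT from idea 2 on a Linux 2.4 netfilter host, rewriting the destination (dummy address to real server) and the source (remote host to the Linux host's own address) for the same telnet connection. All addresses, the /16 mask and the function names are constructed assumptions, and the dummy address is assumed to be routed to the Linux host.

```shell
#!/bin/sh
# Added example: double NAT for one telnet flow on a Linux 2.4+ netfilter host.
# Every address below is a constructed placeholder, not a value from the thread.
REMOTE_NET="10.8.0.0/16"   # remote sites (assumed /16 of the 10.8. range)
DUMMY_IP="10.8.250.23"     # dummy telnet address configured in the application
REAL_IP="198.51.100.20"    # real Internet telnet server (documentation range)
PROXY_IP="10.8.1.5"        # internal address of the Linux host itself

# Dry run by default: rules are printed. Run as root with IPT=iptables to apply.
# Forwarding must also be enabled: echo 1 > /proc/sys/net/ipv4/ip_forward
IPT="${IPT:-echo iptables}"

# Return 0 only for a dotted quad with four octets in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
}

double_nat_rules() {
    for a in "$DUMMY_IP" "$REAL_IP" "$PROXY_IP"; do
        is_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    # 1. Destination NAT before routing: dummy address -> real telnet server.
    $IPT -t nat -A PREROUTING -s "$REMOTE_NET" -d "$DUMMY_IP" -p tcp --dport 23 \
        -j DNAT --to-destination "$REAL_IP:23"
    # 2. Source NAT after routing: remote host -> the Linux host's own address,
    #    so the firewall in front only sees an ordinary internal client to hide.
    $IPT -t nat -A POSTROUTING -s "$REMOTE_NET" -d "$REAL_IP" -p tcp --dport 23 \
        -j SNAT --to-source "$PROXY_IP"
    # 3. Forward nothing except this flow and its replies. In FORWARD the packet
    #    already has the real destination but still the original source.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -s "$REMOTE_NET" -d "$REAL_IP" -p tcp --dport 23 \
        -m state --state NEW -j ACCEPT
}

double_nat_rules
```

Connection tracking reverses both translations on reply packets, so no separate rules are needed for the return direction.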
 


 
   All contents © 2004 Network Presence, LLC. All rights reserved.