On Mon, Mar 10, 2003 at 11:32:00PM -0600, Ryan Thompson wrote:
> 
> (So, it is not possible, for instance, to set up port based NAT for
> inbound SSH, which is one of two things I'd normally do). The server
> can, however, initiate arbitrary outbound connections.

Then I'd suggest creating a ppp-over-ssh tunnel ala Greg Bond's

http://www.itga.com.au/~gnb/vpn/

Have (Server) initiate the tunnel, and let the other end of the tunnel
terminate at (Manager).  You can then use the tunnel to effectively bypass 
the NT NAT box.

>                <--- NAT --->
> [ Server ] --- [ NT Gateway ] --- { Internet } --- [ Manager ]
> 192.168.0.2    192.168.0.1                         207.1.1.1
>                  24.1.1.1
      tun0                                               tun0
  172.16.16.1 <------------------------------------> 172.16.16.2

Once the tunnel comes up, (Manager) should be able to ssh at will 
into 172.16.16.1 interactively.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message

Reply via email to