Andreas Herrmann wrote:
> Hi there,
>
> I want to setup a gateway / firewall solution with Gentoo. The network
> has following structure:
>
> Several host (host[1,...,x].domain.net) are defined within the DNS and
> all of them have the same A-Record with the IP 1.2.3.4
> The gateway is listening on its external network interface with the IP
> 1.2.3.4 and has an internal interface with a private subnet
> (192.168.0.0/24). The hosts (host[1,...,x].) are addressed in this
> subnet.
>
> How can it be solved, that the gateway opens a tunnel to the special
> host in the private subnet (let's say 192.168.0.3) if there is a query
> for host3.domain.net?
>
> In my opinion this cannot be done because the client queries the DNS
> and simply opens the connection to the IP 1.2.3.4 and the gateway has
> now hints how to decide to which internal host the tunnel should be
> opened.
>
> But this setup is possible because Microsoft ISA Server exactly does
> this job!
>
> I have no idea how to solve this. First idea was a kernel bridge
> between the interfaces.
>
> Do you have any hints for me?
>
> Thanks a lot!
>
> Andreas
>

Microsoft ISA Server is a Firewall/Proxy/Reverse-Proxy ...
So in your case, I suppose it does a reverse proxy job (not tunneling, just working as a web client for the internal network). I have already replaced several ISA servers with GNU/Linux solutions, with the help of Apache and its mod_proxy ... that's imho your solution.

--
. /mRyOuNg/ . [ SoundBomb . Syn[Rj] ] .
web : mryoung.soundbomb.net <http://mryoung.soundbomb.net/>
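
The reverse-proxy approach suggested in the reply, as an added example that is not part of the original thread: name-based virtual hosts select the backend from the HTTP Host header, which is the hint the gateway gets even though every name resolves to 1.2.3.4. Apache 2.4 syntax with mod_proxy and mod_proxy_http loaded is assumed, and `unknown.invalid` is a hypothetical placeholder name for the catch-all host.

```apache
# Added example (Apache 2.4 syntax assumed; mod_proxy and mod_proxy_http loaded).

# Never act as a forward proxy: the gateway relays only to the backends
# named in the ProxyPass lines below.
ProxyRequests Off

# The first vhost on an address is the default. It catches requests whose
# Host header matches no published name and refuses them, so an unknown or
# missing Host never falls through to an internal machine.
# "unknown.invalid" is a placeholder, not a name from the thread.
<VirtualHost 1.2.3.4:80>
    ServerName unknown.invalid
    <Location "/">
        Require all denied
    </Location>
</VirtualHost>

# host3.domain.net -> 192.168.0.3 (the mapping given in the question).
<VirtualHost 1.2.3.4:80>
    ServerName host3.domain.net
    # Pass the original Host header on, so the backend sees the public name.
    ProxyPreserveHost On
    ProxyPass        "/" "http://192.168.0.3/"
    # Rewrite Location headers in backend redirects back to the public name.
    ProxyPassReverse "/" "http://192.168.0.3/"
</VirtualHost>

# Repeat one <VirtualHost> block per published name and internal address.
```

This covers HTTP only, because the selection depends on the Host header; `apachectl configtest` checks the syntax before a reload.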
