A friend told me that ISA server is able to do this and it actually works. I also cannot believe this because the FQDN isn't sent with the SSH request. Maybe it is done indirectly by tunneling SSH in HTML if this is possible.

Yes, with different ports it can be easily solved by NAT.

I think there is no direct solution for this problem if you just want to use simple SSH. The gateway cannot decide about the destination host because the FQDN isn't transmitted in the establishment of an SSH connection. Is this true?

Andreas

Sean Cook wrote:
Is ISA server doing this for SSH, Mail ...? SSH in particular would be
extremely difficult unless you nat a different port for each host. The only
reason you are able to do this is that http passes the hostname with the
request to the webserver and the proxy can determine how to handle it.

Sean

On 18-Aug-2006, Andreas Herrmann wrote:
We don't have enough public IPs but we want to have several real servers for different customers (SSH, Mail, etc.) in the private subnet.

I also plan to switch from Microsoft ISA Server to an Open-Source-Solution with Linux. The solution can be simply done for webservers, but we need a solution for several services.

I try to figure out the problem with a simple example:
        host1.domain.net  IN  A  1.2.3.4
        host2.domain.net  IN  A  1.2.3.4
The gateway (1.2.3.4) should dynamically open a tunnel to
        192.168.0.1 if the query is for host1.domain.net
and to
        192.168.0.2 if the query is for host2.domain.net

If you need more details feel free to ask.

Andreas


Sean Cook wrote:
My question is really what is the purpose?  Are these webservers?  Do they
have different services?  You could use apache with mod_proxy for
webservices...

If you can give a few other details as to what you are trying to accomplish,
I might be able to help a bit more.

Sean

On 18-Aug-2006, Andreas Herrmann wrote:
Hi there,

I want to set up a gateway / firewall solution with Gentoo. The network has the following structure:

Several hosts (host[1,...,x].domain.net) are defined within the DNS and all of them have the same A-Record with the IP 1.2.3.4. The gateway is listening on its external network interface with the IP 1.2.3.4 and has an internal interface with a private subnet (192.168.0.0/24). The hosts (host[1,...,x].) are addressed in this subnet.

How can it be solved, that the gateway opens a tunnel to the special host in the private subnet (let's say 192.168.0.3) if there is a query for host3.domain.net?

In my opinion this cannot be done because the client queries the DNS and simply opens the connection to the IP 1.2.3.4 and the gateway has no hints how to decide to which internal host the tunnel should be opened.

But this setup is possible because Microsoft ISA Server does exactly this job!

I have no idea how to solve this. First idea was a kernel bridge between the interfaces.

Do you have any hints for me?

Thanks a lot!

Andreas

--
[email protected] mailing list
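
The point discussed in this thread, as an added example that is not part of any poster's message: a gateway can pick an internal host from the first bytes of an HTTP request because they carry a `Host` header, while the SSH identification string carries no hostname, leaving only the destination port to distinguish hosts. The name-to-address map follows the thread's example; the ports 2201/2202 and the sample byte strings are constructed assumptions.

```python
# Added illustration. NAME_MAP uses the thread's example addresses;
# PORT_MAP ports (2201, 2202) are hypothetical per-host NAT ports.
NAME_MAP = {"host1.domain.net": "192.168.0.1", "host2.domain.net": "192.168.0.2"}
PORT_MAP = {2201: "192.168.0.1", 2202: "192.168.0.2"}

# Constructed sample inputs: what the gateway sees first on a new connection.
HTTP_REQ = b"GET / HTTP/1.1\r\nHost: host2.domain.net\r\n\r\n"
SSH_HELLO = b"SSH-2.0-OpenSSH_4.3\r\n"


def requested_name(first_bytes: bytes):
    """Return the hostname the client named in its first bytes, or None."""
    if first_bytes.startswith(b"SSH-"):
        # SSH identification string: protocol and software version only,
        # nothing that says which server name the client asked DNS for.
        return None
    head = first_bytes.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    if len(lines) < 2 or not lines[0].endswith((b"HTTP/1.1", b"HTTP/1.0")):
        return None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace").lower()
            return host.split(":")[0]  # drop an optional :port (IPv6 literals not handled)
    return None


def pick_backend(first_bytes: bytes, dst_port: int):
    """Choose the internal address, or None if the connection cannot be routed."""
    name = requested_name(first_bytes)
    if name is not None:
        return NAME_MAP.get(name)      # name-based routing; unknown names are refused
    return PORT_MAP.get(dst_port)      # no name on the wire: the port is the only hint


if __name__ == "__main__":
    print("HTTP on :80   ->", pick_backend(HTTP_REQ, 80))
    print("SSH  on :22   ->", pick_backend(SSH_HELLO, 22))
    print("SSH  on :2201 ->", pick_backend(SSH_HELLO, 2201))
```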

