--- mathieu perrenoud <[EMAIL PROTECTED]> wrote:
> [...]
> 
> > Internally you run a web server at 192.168.1.1 and a mail server at
> > 192.168.1.2.
> 
> I guess you're missing the point there.

I guess you could be correct, because I was simply making a guess based
on the info that he previously posted. I certainly didn't come to the
conclusion that you did. Wouldn't be the first time and certainly won't
be the last. Thanks for the correction.


> I think he wants 'ssh box1.foobar.com' routed to box1 and 'ssh
> box2.foobar.com' routed to box2. And without port redirecting tricks
> like 'ssh box1.foobar.com -p 8022', 'ssh box2.foobar.com -p 7022'.
>
> This would involve routing based not on IP or port, but on hostname
> which is encapsulated on higher protocol levels (e.g. http, ftp). And
> this surely can't be achieved with iptables, shorewall or any low
> level based internet filter.

If he is in fact trying to ssh to more than one PC with only one public
IP address, his choices are limited to what has already been explained
by previous responses.
He could always tunnel VNC through ssh to one central box internally
and then ssh from there to any machine he wants.
Port redirection is a cakewalk, and seems to be his only alternative
given his limited resources (namely, one public IP address).
There are still choices that are workable to achieve his goal. Shorewall
can redirect ports via one text line per host. That would take less
than one minute for 5-10 hosts. Seems trivial to me if this is too
much work.

JBanks
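
The per-host port redirection discussed in this message, sketched as an added example that is not part of the original post: one Shorewall DNAT rule per internal host, plus a client-side ssh_config stanza so that a plain 'ssh box1.foobar.com' picks the right port without '-p'. The zone names (net, loc) and the internal addresses 192.168.1.11 and 192.168.1.12 are assumptions; the ports 8022 and 7022 are the ones quoted above.

```conf
# --- /etc/shorewall/rules on the firewall (one line per internal host) ---
# Zone names "net"/"loc" and the 192.168.1.x addresses are assumed values.
#ACTION  SOURCE  DEST                  PROTO  DPORT
DNAT     net     loc:192.168.1.11:22   tcp    8022    # box1
DNAT     net     loc:192.168.1.12:22   tcp    7022    # box2

# --- ~/.ssh/config on each client ---
# Both names resolve to the same public IP; the Port line selects the
# redirect, so the user never types -p.
Host box1.foobar.com
    Port 8022

Host box2.foobar.com
    Port 7022
```

Each redirect exposes another sshd to the Internet, so every internal host reached this way needs the same hardening as the firewall's own SSH service (key-only authentication, no root login).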
