I'm trying to decide if IP Masquerading is what I'm looking for, to solve a
particular problem. I've looked through the HOWTO, and the IPMasq site, and
I haven't found the answer, so I thought I'd be best trying the list. I
apologise in advance if I've missed an existing answer to my question - I
did try, but I'm not a network expert, so I may have missed something
obvious.

My situation is this. I am working from inside a corporate network, with a
large internal infrastructure. We supply remote system management services
to various customers. One of our clients is unwilling to grant anything more
than limited access to their network - specifically, they want all traffic
to come from a single server on our network.

My initial thought was that we needed some form of proxying service, but the
number of protocols involved (FTP, telnet, PC Anywhere, VNC, Oracle SQL*Net,
SMB file sharing) made a service-by-service solution look unworkable.
Looking at IP Masquerading, it seemed to me that it would be ideal - have a
single Linux box acting as an IP gateway to the customer site.

On reading further, the problem I have is that all of the documents I have
found talk about making the Linux box with IPMasq into the default gateway
for the whole internal network. This is not feasible for me, as I'm not in a
position to modify our existing network setup (not least because I'm not
competent to understand the issues!!!)

What I want is for the IPMasq server to be used only for connections to this
particular customer's servers. I *think* that I just need to make the IPMasq
box the route for the specific customer machines, but (a) will this work,
and (b) is it practical? (There's also (c) how do I do it, but that's for me
to work out, not something for the list...) If it matters, the client
machines within our network are all running Windows 2000 Professional. I'd
be looking at having a SuSE 8.0 Professional (Kernel 2.4) box as the Linux
server.

Rough diagram:

    +---+   +---+
    |   |   |   |    Client PCs on internal LAN
    +---+   +---+
      |       |
      |       |
      +---+---+---------> internal LAN backbone
          |
          |
      +---+---+
      | Linux |
      | Server|
      +-------+
          |
          |
          |
          V
    Customer network

The Linux server is "just another machine" on our internal LAN - its only
distinction is that it has a fixed IP address which has been given access
through our firewall to the customer LAN.

Is IP Masquerading what I want here, or should I be looking elsewhere for a
solution?

Thanks,
Paul Moore.
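
The setup asked about above, sketched as an added example that is not part of the original post: a single-interface Linux 2.4 box that masquerades only traffic bound for the customer network, plus the static route each Windows client would need. All addresses, the interface name and the function names are assumptions made for illustration.

```shell
# Added example; every address and the interface name are constructed placeholders.
LAN_NET="10.1.0.0/16"        # internal LAN
CUSTOMER_NET="192.0.2.0/24"  # customer servers
GATEWAY_IP="10.1.5.20"       # fixed address of the Linux box
LAN_IF="eth0"                # its single LAN interface

# Accept only a.b.c.d/len, so an argument cannot smuggle extra rule text.
is_cidr() {
    case "$1" in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# iptables-restore ruleset: forward and masquerade LAN -> customer, drop all else.
masq_ruleset() {
    if ! is_cidr "$1" || ! is_cidr "$2"; then echo "bad CIDR" >&2; return 1; fi
    cat <<EOF
*nat
-A POSTROUTING -s $1 -d $2 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $1 -d $2 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Forwarding on; ICMP redirects off, or the box tells clients to bypass it.
gateway_sysctls() {
    printf 'net.ipv4.%s\n' ip_forward=1 conf.all.send_redirects=0 "conf.$1.send_redirects=0"
}

# Prefix length -> dotted netmask, for the Windows route command.
prefix_to_mask() {
    bits=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$bits" -ge 8 ]; then octet=255; bits=$((bits - 8))
        else octet=$((256 - (1 << (8 - bits)))); bits=0; fi
        mask="${mask:+$mask.}$octet"
    done
    echo "$mask"
}
# Persistent static route to run on each Windows client (customer net via the box).
client_route() {
    is_cidr "$1" || return 1
    echo "route -p add ${1%/*} mask $(prefix_to_mask "${1#*/}") $2"
}
masq_ruleset "$LAN_NET" "$CUSTOMER_NET"      # as root: pipe into iptables-restore
gateway_sysctls "$LAN_IF"                    # as root: pass each line to sysctl -w
client_route "$CUSTOMER_NET" "$GATEWAY_IP"
```

Because the box forwards packets back out of the interface they arrived on, the redirect setting matters as much as the NAT rule. Loading the ruleset with iptables-restore replaces whatever rules the nat and filter tables already hold.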