On Tue, Dec 09, 2008 at 08:32:15AM +1100, Rod Whitworth wrote:
> On Mon, 8 Dec 2008 16:03:40 -0500, Jason Dixon wrote:
>
> >On Tue, Dec 09, 2008 at 07:49:04AM +1100, Rod Whitworth wrote:
> >> I have a friend who has two internet connections. Lucky B!
> >>
> >> He wants me to have a look at some of his operation without travelling
> >> to his site (loooong way). I would need to be able to effectively
> >> duplicate some of his system and make it look like it was still at his
> >> site.
> >>
> >> Hopefully I can keep the ASCII art intelligible.
> >>
> >> ISP#1------/30 with /29 over it-----Buddy's
> >> router---------/30--------ISP#2
> >> |
> >> 2 hosts on /29
> >>
> >> He proposes that I work out how to use the second connection to "route"
> >> all of the traffic from ISP#1 to a spare global IP that I have via
> >> ISP#2 and the cloud and duplicate his setup here (the ISP#1 side and
> >> hosts). I think "transport" would have been better than "route" but
> >> that was his word.
> >>
> >> IOW the world needs to be able to get to my duplicate of his box and,
> >> apart from latency, it should be transparent.
> >>
> >> Is this even possible? I've been dreaming of binatting the /30 end
> >> point, but over a remote link? Don't think so. Some kind of tunnel?
> >
> >Sounds like you want gre(4).
>
> Thanks. I've looked at it before but never with a task in mind, so I
> looked again now.
>
> Using the example where I guess Host X is ISP#1, Host A is Buddy's
> router, Host B is ISP#2, Host C is my router and Host D is the
> duplicate router:
>
> Will the Host D "look like" the real router? i.e. if from the cloud
> somewhere I do "ssh HostA" will I be connecting to A or D?
>
> I guess the routed subnet should happily get to D so my real concern is
> to transparently make D look entirely like A for traffic to and from.

I don't know how to answer your question because the network art above
is unreadable. gre(4) will allow you to route networks across a tunnel.
Think of it as IPSec without the Sec. It will allow networks that are
usually non-routable (rfc1918) to route to each other. It will also
allow you to extend segments of your public networks elsewhere.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

