> Melbourne = 192.168.21.0/24
> Sydney = 192.168.20.0/24
it is a little funky but what about something like this:
have an interface on a box in sydney as part of a third subnet ie
192.168.22.0 which is the other end of the frame relay link. then get
people to point their web browsers and telnet client at that host. that
host then port forwards and masqeurades these connections onto the
192.168.20.0 subnet, but block all ports except 23 & 80.
warning, bad ascii diagram:
sydney [192.168.20.0] --------\
| [192.168.20.?]
gw box 2 gw box 1
[192.168.20.?] [192.168.22.?]
| |
vpn frame relay
| /
[192.168.21.?]---------------/
gw box 3
so the gateway box 3 gets all of the connections that are leaving
melbourne, but is has two static routes, one to the 20 subnet and the
other to the 22 subnet. the vpn and gateway box 2 take traffic for the 20
subnet. the frame relay and gateway box 1 get connections on the 22 subnet
for port 23 and 80 which it then masquerades and forwards onto the 20
subnet.
feasible? maybe
ugly? definately
hack? certainly
;)
later
marty
"I can't buy what I want because it's free. Can't be what they want
because I'm me." - Corduroy, Pearl Jam
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
