Re: ~/.hosts patch

From: Stefan Bethke <stb_at_lassitu.de>
Date: Tue, 4 Jul 2006 00:09:14 +0200
OK, I think I do understand the issue now, and this might or might  
not help in your situation...

On 30.06.2006 at 23:32, Brooks Davis wrote:

> The problem is that the client must think it is
> connecting to server.fully.qualified.domain and do so by name because
> the name is passed to the server which misuses it in interesting ways.

At work, we're running a sort-of-VPN to a client of ours using pf and  
ssh with the socks proxy.

On our side, pf redirects all TCP traffic to a certain set of IPs to
a local process on the internal firewall (IPs identical to the
customer's network, and we've copied over their internal DNS
zones).  The local proxy process (www/transproxy) then uses socks to
establish a TCP connection via the (permanent) ssh tunnel to the
client's network.  At the client's side, nothing is required except
for an sshd configured to allow for dynamic port forwardings (and
working internal DNS).

From client software at our end, and our customer's server
processes, it's virtually indistinguishable from a standard  
connection: the IPs are the same, the DNS names are the same, only  
the origin of the connection in the customer's network is the gateway  
machine, instead of the real client at our end.

This appears to be working quite well with quite a number of standard  
and proprietary protocols.


HTH,
Stefan

-- 
Stefan Bethke <stb_at_lassitu.de>   Fon +49 170 346 0140
Received on Mon Jul 03 2006 - 20:11:47 UTC
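
Added example, not part of the original message and not transproxy's code: the SOCKS5 (RFC 1928) messages a local proxy would send to the ssh dynamic-forward listener to reach the original destination of a redirected connection. The function names, addresses and ports are constructed for illustration, and SOCKS5 without authentication is an assumption, since the message does not say which SOCKS version is in use.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4 = 1
ATYP_DOMAIN = 3


def greeting() -> bytes:
    """Client greeting offering a single method: 0x00, no authentication."""
    return bytes([SOCKS_VERSION, 1, 0x00])


def connect_request(host: str, port: int) -> bytes:
    """CONNECT request for the destination the client originally dialled.

    An IPv4 literal is sent as ATYP 1; anything else is sent as a domain
    name (ATYP 3), which the far end of the tunnel resolves itself.
    """
    head = bytes([SOCKS_VERSION, CMD_CONNECT, 0x00])
    try:
        addr = bytes([ATYP_IPV4]) + ipaddress.IPv4Address(host).packed
    except ipaddress.AddressValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("host name length out of range")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    return head + addr + struct.pack("!H", port)


def parse_reply(data: bytes) -> tuple[str, int]:
    """Return the bound (address, port) on success, raise otherwise.

    Only IPv4 bind addresses are handled (assumption of this example).
    """
    if len(data) < 10 or data[0] != SOCKS_VERSION:
        raise ValueError("short or non-SOCKS5 reply")
    if data[1] != 0x00:
        raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {data[1]}")
    if data[3] != ATYP_IPV4:
        raise ValueError("unexpected bind address type")
    bound = str(ipaddress.IPv4Address(data[4:8]))
    (bound_port,) = struct.unpack("!H", data[8:10])
    return bound, bound_port
```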
