OK, I think I do understand the issue now, and this might or might not help in your situation...

On 30.06.2006 at 23:32, Brooks Davis wrote:

> The problem is that the client must think it is
> connecting to server.fully.qualified.domain and do so by name because
> the name is passed to the server which misuses it in interesting ways.

At work, we're running a sort-of-VPN to a client of ours using pf and ssh with the socks proxy. On our side, pf redirects all TCP traffic to a certain set of IPs to a local process on the internal firewall (IPs identical to the customer's network, and we've copied over their internal DNS zones). The local proxy process (www/transproxy) then uses socks to establish a TCP connection via the (permanent) ssh tunnel to the client's network. At the client's side, nothing is required except for an sshd configured to allow for dynamic port forwardings (and working internal DNS).

From client software at our end, and our customer's server processes, it's virtually indistinguishable from a standard connection: the IPs are the same, the DNS names are the same, only the origin of the connection in the customer's network is the gateway machine, instead of the real client at our end.

This appears to be working quite well with quite a number of standard and proprietary protocols.

HTH,
Stefan

-- 
Stefan Bethke <stb_at_lassitu.de> Phone +49 170 346 0140

Received on Mon Jul 03 2006 - 20:11:47 UTC
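
The SOCKS step of the setup described in the message above, as an added example that is not part of the original message and not transproxy's code: it builds the request a local proxy would send through the ssh dynamic forward for the destination the client originally dialled, and decodes the reply. It assumes SOCKS5 (RFC 1928) without authentication; the message only says "socks", and the addresses are constructed samples.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
# Reply codes from RFC 1928, section 6 (subset).
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused"}

def greeting() -> bytes:
    """Client hello offering only 'no authentication' (method 0)."""
    return bytes([SOCKS_VERSION, 1, 0])

def connect_request(host: str, port: int) -> bytes:
    """CONNECT request for the destination the client originally dialled.

    An IP literal is sent as-is (the case where pf hands over the original
    destination IP); anything else is sent as a name, so it is resolved by
    the far side's internal DNS rather than locally.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    head = bytes([SOCKS_VERSION, CMD_CONNECT, 0])
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("bad host name length")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return head + addr + struct.pack("!H", port)

def parse_reply(data: bytes) -> str:
    """Return the status text of a SOCKS5 reply, rejecting malformed ones."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    return REPLIES.get(data[1], f"error code {data[1]}")

if __name__ == "__main__":
    # Constructed sample: 10.20.30.40:443 stands in for a customer-side IP.
    print(connect_request("10.20.30.40", 443).hex())
    print(parse_reply(bytes.fromhex("05000001000000000000")))
```

Because the far end of the tunnel opens the outbound connection, the customer's servers log the gateway machine as the source, which is the one visible difference the message points out.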