From: Eliezer Croitoru <eliezer@ngtech.co.il>
To: netfilter@vger.kernel.org
Subject: Re: dyn. SNAT based on different source addresses?
Date: Wed, 08 Oct 2014 02:28:31 +0300
Message-ID: <5434771F.6010301@ngtech.co.il>
In-Reply-To: <201410071827.44706.neal.p.murphy@alum.wpi.edu>
On 10/08/2014 01:27 AM, Neal Murphy wrote:
> Would a plain unencrypted GRE tunnel between the TS and the file
> server alleviate the problem? Or if data security is a concern, set
> up a proper VPN between them. And use iptables (and other firewalls
> as necessary) to limit traffic as desired whether it's a simple
> tunnel or a VPN. (You don't want the tunnel to be an easy bypass
> around the firewall.)
+1 on this.
Except a GRE tunnel is not that easy on a Windows TS or at all on a
Windows machine.
The main issue is that he has 200+ machines in one subnet that need
access to the other one...
The options I know that work in Windows are PPTP (with internal GRE),
L2TP, OpenVPN and maybe a couple of others.
In this case the GW machine is a Linux machine and can be used, or
is being used, as the default gateway.
If it's the gateway it will be pretty simple to set up using a VPN but
he will need to address all sorts of details at the domain level (if used).
Eliezer
Thread overview: 7+ messages
2014-10-07 18:27 dyn. SNAT based on different source addresses? Meike Stone
2014-10-07 19:56 ` Eliezer Croitoru
2014-10-07 22:15 ` Meike Stone
2014-10-07 22:27 ` Neal Murphy
2014-10-07 23:28 ` Eliezer Croitoru [this message]
2014-10-08 7:01 ` Meike Stone
2014-10-08 11:56 ` Amos Jeffries