From: Amos Jeffries <squid3@treenet.co.nz>
To: Meike Stone <meike.stone@googlemail.com>, netfilter@vger.kernel.org
Subject: Re: dyn. SNAT based on different source addresses?
Date: Thu, 09 Oct 2014 00:56:01 +1300
Message-ID: <54352651.4050101@treenet.co.nz>
In-Reply-To: <CAFNHiA9-omeMK+2P+oadxRMmp1mYXVWSuZAH-XqZnA5Qrdf+NA@mail.gmail.com>
On 8/10/2014 8:01 p.m., Meike Stone wrote:
>> Except a gre tunnel is not that easy on a Windows TS or at all on
>> a windows machine. The main issue is that he has 200+ machines in
>> one subnet that needs access to the other one...
>
> Not exactly, the terminal servers are located in different subnets
> in one company, so NETMAP here is suboptimal ....
>
>>
>> The options I know that work in Windows are pptp (with internal
>> GRE), l2tp, openvpn and maybe a couple of others.
>
> Thanks for the ideas. But tunnels are not an option. Admins on TS
> are running the strategy "never change a running system", because
> the TS are fragile ...
>
> Routing between the two companies is not possible (overlapping ip
> networks, different security policies, ..) That is the reason for
> the DNAT rules ... The TSs access the fileserver over an IP in
> their own network.
>
> Thought, I can solve the problem with iptables ... iptables is so
> mighty ...
Have you considered implementing IPv6 on both of the networks? It is
designed to resolve just this type of problem set.
AYJ