On 09/12/2007 10:51 AM, PETER EASTHOPE wrote:
Hello Karl & others,
[...]
Hello Peter.
I need to separate packets according to IP address.
Here I want to make a tunnel using port 22. The
openvpn man page describes a tunnel between machines
May and June. When May receives a packet marked
port 22 she should check the address. If it is
from June, it is for openvpn. From any other
address it is for ssh. June behaves symmetrically.
A port 22 packet from May is handed over to openvpn
and a port 22 packet from any other address is for ssh.
For communicating between themselves, May and June
can safely use telnet inside the tunnel. For
communicating with other systems, ssh will work
over port 22.
Can iptables, or anything else, separate packets
this way? [...]
Yes. You can use port redirection in iptables. Read "man iptables" and
get a good iptables tutorial online. The redirection would be done in
the 'nat' table. I'm not an iptables expert, but it might go something
like this:
    iptables -t nat -A PREROUTING -p tcp -s 12.140.16.4 --dport 22 -j REDIRECT --to-port 4122
12.140.16.4 is June. Now you would reconfigure openvpn on May to listen
on port 4122. Connections to port 22 on May would be redirected to port
4122 on May only if they come from 12.140.16.4. Otherwise, the
connection would go directly to May's port 22, which should be running sshd.
The iptables line I wrote above may need some massaging to work right,
and almost certainly many more iptables rules will be needed, but I hope
that will give you a good start.
(I'm assuming you're subscribed, so I won't CC you.)
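One way to carry Karl's suggestion through to a complete rule set, as an added example that is not part of the original thread: it emits the nat REDIRECT rule together with the filter rules that keep port 4122 reachable only from June, since REDIRECT only rewrites the destination port and is not an access control. It assumes the script runs on May, takes June's address 12.140.16.4 and the port 4122 from the thread, and the variable and function names are mine.

```shell
#!/bin/sh
# Added example, not from the thread. Run on May; openvpn on May has been
# reconfigured to listen on $OPENVPN_PORT, sshd stays on $SSH_PORT.
JUNE=12.140.16.4          # June's address, from the thread
SSH_PORT=22
OPENVPN_PORT=4122         # assumed, matches the thread's suggested port

# Print each rule as an iptables argument list (without the command itself)
# so the set can be reviewed, or checked by a test, before it is applied.
build_rules() {
    june=$1; ssh=$2; ovpn=$3
    # nat: consulted only for the first packet of a new connection. REDIRECT
    # rewrites the destination port before routing, so sshd never sees
    # June's port-22 packets at all.
    echo "-t nat -A PREROUTING -p tcp -s $june --dport $ssh -j REDIRECT --to-ports $ovpn"
    # filter: accept the redirected flow on its new destination port, from June only.
    echo "-A INPUT -p tcp -s $june --dport $ovpn -j ACCEPT"
    # Anyone else who finds $ovpn directly is refused; REDIRECT alone would not stop them.
    echo "-A INPUT -p tcp --dport $ovpn -j REJECT --reject-with tcp-reset"
    # Everyone else still reaches sshd on the real port.
    echo "-A INPUT -p tcp --dport $ssh -j ACCEPT"
}

# Apply the rules as root; with DRY_RUN=1 only show the commands that would run.
apply_rules() {
    build_rules "$JUNE" "$SSH_PORT" "$OPENVPN_PORT" | while IFS= read -r rule; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables $rule"
        else
            # shellcheck disable=SC2086  (word splitting of $rule is intended)
            iptables $rule || return 1
        fi
    done
}

# Confirm the redirect is in place: "iptables -C" exits 0 only if the rule exists.
redirect_present() {
    iptables -t nat -C PREROUTING -p tcp -s "$JUNE" --dport "$SSH_PORT" \
        -j REDIRECT --to-ports "$OPENVPN_PORT" 2>/dev/null
}
```

After applying, `iptables -t nat -L PREROUTING -n -v` shows the packet and byte counters on the REDIRECT rule climbing only when June connects, which is the quickest way to see that the match is on June's address and not on sshd's port in general.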