Hello,

on 8.1.2009 05:21 n22e113 wrote:
> I have been reading but cannot find anything on this!
> Q. Is the following possible? (ie. both end points have the same subnet IP 
> addresses)!
> Thanks, Kwon
> 
> fw(leaf)--loc1(192.168.1.0/24)
> |      +--dmz1(192.168.2.0/24)
> |
> Internet
> +(openvpnz)
> |
> |
> fw(leaf)--loc2(192.168.1.0/24)
>        +--dmz2(192.168.2.0/24)

As already told, it is better to fix this right from the start. But to get
you screwed up I have seen two documents describing the problem and its
possible solutions.


At Netfilter.org there are two methods described, double NAT

<http://netfilter.org/documentation/HOWTO//netfilter-double-nat-HOWTO.html>

and the NETMAP netfilter target

<http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-4.html>

I have no experience in using the above methods for the problem.


I would also consider creating new private networks for either side or
both, if both sites contain accessible services, i.e. create dmz3
(192.168.4.0/23) for masking loc1 and dmz1, and dmz4 (192.168.6.0/23) for
loc2 and dmz2. Then you just route between those and NAT the needed services
or NETMAP whole networks. I haven't checked whether LEAF Bering uClibc
contains the netfilter module for the NETMAP target.

Best regards,
Erkki
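
An added example, not part of the original message: a Python sketch of the NETMAP renumbering proposed above, which splits each virtual /23 into /24 slots because 192.168.1.0/24 and 192.168.2.0/24 do not form one aligned /23, and NETMAP needs equal prefix lengths on both sides. The tunnel interface name `tun0` and the helper names are assumptions; the emitted rules would go on each site's own firewall, with routes for the other site's virtual range pointing into the VPN.

```python
import ipaddress

REAL_NETS = ["192.168.1.0/24", "192.168.2.0/24"]  # loc and dmz, identical at both sites

def plan(virt_block, real_nets=REAL_NETS):
    """Pair each real subnet with an equally sized slot of the virtual block."""
    reals = [ipaddress.ip_network(r) for r in real_nets]
    plen = reals[0].prefixlen
    if any(r.prefixlen != plen for r in reals):
        raise ValueError("all real subnets must share one prefix length")
    slots = list(ipaddress.ip_network(virt_block).subnets(new_prefix=plen))
    if len(slots) < len(reals):
        raise ValueError("virtual block too small for the real subnets")
    return [(str(r), str(v)) for r, v in zip(reals, slots)]

def netmap(addr, real, virt):
    """Translate one address as NETMAP does: swap network bits, keep host bits."""
    real, virt = ipaddress.ip_network(real), ipaddress.ip_network(virt)
    ip = ipaddress.ip_address(addr)
    if real.prefixlen != virt.prefixlen:
        raise ValueError("NETMAP maps 1:1, prefix lengths must match")
    if ip not in real:
        raise ValueError(f"{ip} is not inside {real}")
    host_bits = int(ip) & int(real.hostmask)
    return str(ipaddress.ip_address(int(virt.network_address) | host_bits))

def site_rules(pairs, tun_if="tun0"):  # tun0 is an assumed interface name
    """iptables rules for one site's firewall, two per (real, virtual) pair."""
    rules = []
    for real, virt in pairs:
        # Traffic arriving from the tunnel for a virtual address: rewrite to real.
        rules.append(f"iptables -t nat -A PREROUTING -i {tun_if} "
                     f"-d {virt} -j NETMAP --to {real}")
        # Traffic leaving into the tunnel: present the real source as virtual.
        rules.append(f"iptables -t nat -A POSTROUTING -o {tun_if} "
                     f"-s {real} -j NETMAP --to {virt}")
    return rules

if __name__ == "__main__":
    for site, block in (("site1", "192.168.4.0/23"), ("site2", "192.168.6.0/23")):
        print(f"# {site}: seen by the other side as {block}")
        print("\n".join(site_rules(plan(block))))
```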


------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
