Dave Mielke wrote:
> 
> [quoted lines by Adoram Rogel on November 14, 1999, at 04:57]
> 
> >My problem now is this:
> >I opened port 8080 in my firewall to machine X (x is on the inside of the
> >firewall) and I have a ipportfw -A -t X/8080 -R Y/80 rule, where Y is my
> >black box firewall.
> >Looking at tcpdump I can see it work, and the http requests go to Y, but
> >the ack from Y to the client (wherever he is) appear now as coming from
> >Y - the black box firewall, and therefore rejected by the client.
> >The client keeps trying and resending the HTTP requests to X and ignores the
> >ACK that he receives from Y.
> >Now, I can't masquerade the traffic that goes from Y - the black box firewall -
> >to the client, because they don't go through X anymore, X is inside.
> 
> I didn't realize that you were dealing with two machines on the same subnet.
> The only way around that is to use a utility like "redir".

So maybe my whole concept is wrong.
Let's think about it again.

I have a user outside my LAN that needs to telnet in.
He has a dynamic IP. My black box firewall has a feature of user login, where it
will authenticate a user and will then allow him whatever I set up for him.
This login feature is a web-based (HTTP and JAVA) interface.
His ISP is proxying HTTP, so when he "arrives" at the login screen he has a
different IP than when he's telnetting, so the firewall doesn't recognize him.
This IP is dynamic, too.

Any solution for this ?

Thanks again, Adoram
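The failure described in the quoted part of this thread (ipportfw rewriting only the destination, Y answering the client directly, the client discarding the reply) and the redir-style fix Dave suggests, modelled as a small added example that is not from the thread; the addresses and port numbers are constructed:

```python
# Added example, not from the mailing list thread. Models why a plain
# ipportfw rule (-A -t X/8080 -R Y/80) fails when X and Y share a subnet
# and Y's replies never pass back through X, versus a user-space
# redirector (redir) that terminates the connection on X itself.
from dataclasses import dataclass

CLIENT = "203.0.113.5"   # constructed: the outside user
X = "192.0.2.10"         # constructed: the inside box holding the ipportfw rule
Y = "192.0.2.20"         # constructed: the black box firewall's web login


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def dnat_only(req: Packet) -> Packet:
    """ipportfw semantics: rewrite only the destination address/port."""
    assert (req.dst, req.dport) == (X, 8080)
    return Packet(req.src, req.sport, Y, 80)


def reply_to(pkt: Packet) -> Packet:
    """The receiver answers the packet it saw: src/dst are swapped."""
    return Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)


def client_accepts(sent: Packet, reply: Packet) -> bool:
    """A TCP stack only matches a reply against the 4-tuple it sent to."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == (
        sent.dst, sent.dport, sent.src, sent.sport)


def forward_with_dnat(req: Packet) -> Packet:
    # Y is on the same subnet, so its reply goes straight to the client
    # without X on the path: nobody rewrites the source back to X:8080.
    return reply_to(dnat_only(req))


def forward_with_proxy(req: Packet) -> Packet:
    # redir-style: X accepts the client's connection itself, opens a
    # second connection to Y, and relays bytes between the two.
    inner = Packet(X, 40000, Y, 80)       # hypothetical ephemeral port on X
    assert reply_to(inner).dst == X       # Y's reply lands on X, as expected
    return reply_to(req)                  # client sees X:8080 as its peer
```

Running the two paths against the same request shows the DNAT-only reply arriving from Y:80 and being dropped, while the proxied reply matches the client's original 4-tuple.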
