/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
"Wood, Jason" wrote:
> Hi all,
>
> I'm fairly new to masquerading/firewalling/etc, have looked through various
> HOWTOs but am still not certain if I have found the right place or not,
> so....
>
> We currently have a demo NT product (WinGate) that does name translation
> from an outside vendors VAN to our internal Y2K network. The server has two
> ethernet cards, one connected to the VAN, the other to our Y2K network. What
> the software does is that it allows the VAN ethernet to be mapped to
> multiple addresses and when a connection comes in on that address, directs
> it to one of our Y2K servers via the second ethernet card. For example:
> Someone on the VAN telnets to 1.2.3.4 (NT server), WinGate then changes the
> header packets to point to 192.168.1.2 and the VAN connected people are now
> on our Y2K server. We can setup multiple IP addresses for the VAN card
> (IP-Aliasing) to map them to multiple servers in our Y2K lab. This works
> fine, except the demo only allows connection to one mapped server at a time
> and we are having difficulties contacting the vendor to purchase a license.
Jason,
A great alternative to WinGate is Sygate (www.sygate.com). The clients
connecting to Wingate usually must be Windows systems since the
"Wingate Internet Client" must be installed on the clients accessing
the Internet via the gateway. Sygate is better because it acts as a full
Internet Gateway (RFC1009). This means that any system (like Linux)
can access the Internet simply by setting the TCP/IP subsystem's
gateway IP address to the IP address of your gateway machine.
As far as I know, Wingate cannot do this. Wingate has to actually
open up listening sockets on the internal network to listen to internal
requests, and then open up outgoing sockets on the external
network (Internet) to the real IP address. Since Sygate acts like
a real gateway, more programs (and OS's) tend to work more
reliably and setup is minimal (if any) on the Sygate server.
good luck,
Scott.
> Now I know IP-Aliasing can get me the multiple addresses on the one ethernet
> card, but would I use IP-Masquerading to do the mapping or would I need to
> look elsewhere.
>
> TIA,
>
> Jason
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
