[Leaf-user] Dachstein migration successful! - General routing question.

2002-03-07 Thread Boyd Kelly

Got my ip aliasing/forwarding and all working on dachstein.  Very happy
about that.  Great piece of work!

Now for an interesting problem:

One guy behind my leaf firewall needs a securemote (Checkpoint)
connection to company b.  He has a Win2k workstation.  As I understand
from searching the newsgroups, this isn't possible with Linux, although
I would love to be corrected on that one.

So I am looking for some opinions on a solution.  Could I just do some
routing magic on the win2k workstation to bypass the leaf router only
for that securemote ip address?  For something like that to work would
the workstation need a second nic?  Or can I just plug all the
Internet/Leaf wires into the same switch, and then give computer 3 a
default gateway of 208.x.x.1 for the address in question?

Any security issues?



          [Internet]
              |
       eth0  208.x.x.13
              |
    LEAF Box (DF 208.x.x.1)
              |
       eth1  192.168.1.254
              |
       ---------------
       |             |
   Computer 2    Computer 3  (needs to use securemote client)
 (192.168.1.2)  (192.168.1.3)


Thanks very much,

Boyd

___
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user



RE: [Leaf-user] Dachstein migration successful! - General routing question.

2002-03-07 Thread Richard Doyle

FWIW, a quick check on google for "securemote linux nat" turned up
http://www.phoneboy.com/faq/0372.html and
http://www.phoneboy.com/faq/0141.html.

-Richard

> Got my ip aliasing/forwarding and all working on dachstein.  Very happy
> about that.  Great piece of work!
>
> Now for an interesting problem:
>
> One guy behind my leaf firewall needs a securemote (Checkpoint)
> connection to company b.  He has a Win2k workstation.  As I understand
> from searching the newsgroups, this isn't possible with Linux, although
> I would love to be corrected on that one.
>
> So I am looking for some opinions on a solution.  Could I just do some
> routing magic on the win2k workstation to bypass the leaf router only
> for that securemote ip address?  For something like that to work would
> the workstation need a second nic?  Or can I just plug all the
> Internet/Leaf wires into the same switch, and then give computer 3 a
> default gateway of 208.x.x.1 for the address in question?
>
> Any security issues?
>
>
>
>           [Internet]
>               |
>        eth0  208.x.x.13
>               |
>     LEAF Box (DF 208.x.x.1)
>               |
>        eth1  192.168.1.254
>               |
>        ---------------
>        |             |
>    Computer 2    Computer 3  (needs to use securemote client)
>  (192.168.1.2)  (192.168.1.3)
>
>
> Thanks very much,
>
> Boyd





Re: [Leaf-user] Dachstein migration successful! - General routing question.

2002-03-08 Thread Charles Steinkuehler

> One guy behind my leaf firewall needs a securemote (Checkpoint)
> connection to company b.  He has a Win2k workstation.  As I understand
> from searching the newsgroups, this isn't possible with Linux, although
> I would love to be corrected on that one.

Sounds a lot like the securemote client is simply an IPSec implementation.
There are lots of details about masquerading an IPSec connection in the list
archives, and all the gory details can be found in the VPN-Masquerade-HOWTO.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

