Re: crest.d.o and m68k.d.o

[Michael Schmitz <schmitz@mail.biophys.uni-duesseldorf.de>]

> On Mon, Nov 12, 2007 at 01:28:21AM +0100, Michael Schmitz wrote:
> > Routing/VPN off Duesseldorf would give you a quasi static address (we
> > would need to put a similar mechanism in place to update the route entry,
> > whereas for VPN you would just have to reopen the tunnel after an IP
> > change).
>
> I can recommend OpenVPN there: it'll try reconnecting every five seconds
> if the link dies; it can work with SSL certificates rather than
> passwords; and it's fairly reliable IME.

That would have been my first choice - haven't set it up server side yet
but had good success with an implementation on an off the shelf firewall
solution.

> > I assume iptables can be tweaked to redirect port 22 for crest to port
> > 2622 or whatever on sol, with similar tricks for http and smtp. I would
> > have to look at some example rules to pull it off, though.
>
> Sure. Something like this should work:
>
> iptables -t nat -A PREROUTING -d <old IP of crest> --dport 22 -j REDIRECT --redirect-to <new IP of crest>:2622
>
> if I'm not mistaken (writing this from memory), but at the very least it
> will show you what you need.

Thanks a bunch, I'll give that a try. I may combine tht with a tunnel on
case the biophys guys don't feel comfortable with VPN on the firewall.

Cheers,

	Michael