Re: crest.d.o and m68k.d.o
On Mon, Nov 12, 2007 at 04:46:51AM +0100, Michael Schmitz wrote:
> > On Mon, Nov 12, 2007 at 01:28:21AM +0100, Michael Schmitz wrote:
> > > Routing/VPN off Duesseldorf would give you a quasi static address (we
> > > would need to put a similar mechanism in place to update the route entry,
> > > whereas for VPN you would just have to reopen the tunnel after an IP
> > > change).
> >
> > I can recommend OpenVPN there: it'll try reconnecting every five seconds
> > if the link dies; it can work with SSL certificates rather than
> > passwords; and it's fairly reliable IME.
>
> That would have been my first choice - haven't set it up server side yet
> but had good success with an implementation on an off the shelf firewall
> solution.
>
> > > I assume iptables can be tweaked to redirect port 22 for crest to port
> > > 2622 or whatever on sol, with similar tricks for http and smtp. I would
> > > have to look at some example rules to pull it off, though.
> >
> > Sure. Something like this should work:
> >
> > iptables -t nat -A PREROUTING -d <old IP of crest> --dport 22 -j REDIRECT --redirect-to <new IP of crest>:2622
> >
> > if I'm not mistaken (writing this from memory), but at the very least it
> > will show you what you need.
>
> Thanks a bunch, I'll give that a try. I may combine tht with a tunnel on
> case the biophys guys don't feel comfortable with VPN on the firewall.
Now that it's morning rather than night: it's DNAT rather than REDIRECT
--
<Lo-lan-do> Home is where you have to wash the dishes.
-- #debian-devel, Freenode, 2004-09-22
Reply to: