Local client auth via NAT (possible solution)

Steven Hartland killing at barrysworld.com
Thu Dec 18 06:17:11 EST 2003


Had a flash of inspiration this morning; I think the following might just
work.

If we have this picture:
NAT box: internal 10.10.10.1, external 1.1.1.1
Server: internal 10.10.10.2
Client: internal 10.10.10.3

If we change this to:
NAT box: internal 10.10.10.1, external 1.1.1.1
Server: internal 10.10.10.2, fake 1.1.1.2 (alias)
Client: internal 10.10.10.3, fake 1.1.1.1 (alias)

And then force the client to connect to the server on 1.1.1.2, the IP reported
in the packet sent to the master will be the IP of the NAT (1.1.1.1), and hence,
if port forwarding is set up correctly, the auth packet will be forwarded
to the client on 10.10.10.3 and it will all just work.

Adding the 1.1.1.X aliases to the internal machines won't affect connectivity,
as they have no routes to the outside world, so all external connectivity
will be done via the NAT'ed addresses.

I can't test this here as I don't have NAT, but I'm pretty confident it will work.

    Steve / K


