~/.hosts patch
Stefan Bethke
stb at lassitu.de
Mon Jul 3 22:11:47 UTC 2006
OK, I think I do understand the issue now, and this might or might
not help in your situation...
On 30.06.2006 at 23:32, Brooks Davis wrote:
> The problem is that the client must think it is
> connecting to server.fully.qualified.domain and do so by name because
> the name is passed to the server which misuses it in interesting ways.
At work, we're running a sort-of-VPN to a client of ours using pf and
ssh with the socks proxy.
On our side, pf redirects all TCP traffic to a certain set of IPs to
a local process on the internal firewall (IPs identical to the
customer's network, and we've copied over their internal DNS
zones). The local proxy process (www/transproxy) then uses socks to
establish a TCP connection via the (permanent) ssh tunnel to the
client's network. At the client's side, nothing is required except
for a sshd configured to allow for dynamic port forwardings (and
working internal DNS).
From client software at our end, and our customer's server
processes, it's virtually indistinguishable from a standard
connection: the IPs are the same, the DNS names are the same, only
the origin of the connection in the customer's network is the gateway
machine, instead of the real client at our end.
This appears to be working quite well with quite a number of standard
and proprietary protocols.
HTH,
Stefan
--
Stefan Bethke <stb at lassitu.de> Fon +49 170 346 0140
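
The SOCKS step described in the message above, as an added example that is not part of the original post or of transproxy: the CONNECT request a transparent proxy would send through the ssh dynamic forward for a redirected connection, and a parser for the reply. It assumes SOCKS5 without authentication (the message does not say which SOCKS version is used); the function names and sample addresses are constructed for illustration.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused"}


def greeting() -> bytes:
    """Method negotiation offering only 'no authentication' (0x00)."""
    return bytes([VER, 1, 0x00])


def connect_request(dst_ip: str, dst_port: int) -> bytes:
    """CONNECT to the original destination of the redirected connection.

    The request carries an IP address, not a hostname: in the setup described
    above the name was already resolved against the copied DNS zones.
    """
    addr = ipaddress.ip_address(dst_ip)
    atyp = ATYP_IPV4 if addr.version == 4 else ATYP_IPV6
    return (bytes([VER, CMD_CONNECT, 0, atyp]) + addr.packed
            + struct.pack("!H", dst_port))


def parse_reply(data: bytes):
    """Return (status_text, bound_host, bound_port) from a SOCKS5 reply."""
    if len(data) < 5 or data[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    atyp, off = data[3], 4
    if atyp == ATYP_DOMAIN:
        alen, off = data[4], 5          # one length byte precedes the name
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        alen = 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError("unknown address type")
    if len(data) < off + alen + 2:
        raise ValueError("truncated reply")
    raw = data[off:off + alen]
    host = (raw.decode("ascii") if atyp == ATYP_DOMAIN
            else str(ipaddress.ip_address(raw)))
    (port,) = struct.unpack("!H", data[off + alen:off + alen + 2])
    return REPLIES.get(data[1], "error 0x%02x" % data[1]), host, port


if __name__ == "__main__":
    # Constructed sample values, not taken from the original message.
    print(connect_request("10.1.2.3", 443).hex())
    print(parse_reply(bytes.fromhex("050000017f0000010438")))
```

The bound address in the reply is the far-side endpoint of the tunnel, which matches the point in the message that the customer's servers see the gateway machine as the connection origin.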