[nos-bbs] tun0 and more Linux routing commands

George [ham] VerDuin k8rra at ameritech.net
Mon Apr 25 13:18:47 EDT 2011


How about revisiting this topic Jay?


On 02/15/2011 11:53 AM, Jay Nugent wrote:
> Greetings,
>
>     Suggestion:
>        - Assign the Linux box an IP on your LAN (192.168.1.88)
>        - Assign the Linux end of the TUN interface another IP on your LAN
>          (192.168.1.44)
>
>        On your gateway router to the Internet:
>           - Port forward SSH to the Linux address (192.168.1.88)
>             In this way you can remotely log onto your Linux machine to
>             read mail, perform maintenance, play around.
>
>           - Assign the JNOS address (192.168.1.44) as the "DMZ Host".
>             This lets everything *other* than SSH (which has been port
>             forwarded elsewhere) to be automatically directed to the JNOS
>             application (and into its own TCP/IP stack).  In this way ALL
>             protocols including "IPIP Encapsulation (Protocol-4)" to go
>             directly to JNOS.
When we apply the above design the following happens:

   1. When we port forward ssh to the Linux host stack we find joy in ssh.
   2. When we include DMZ to the jnos stack, jnos becomes happy but we
      lose ssh at the host.

It appears to us that DMZ applies absolutely to all traffic and the port 
forward is lost.
We find no way to force the ssh port forward to be processed prior to 
the DMZ.

As an alternative tactic, we don't seem to be able to selectively 
forward IPIP protocol-4 to jnos stack.

SO -- Is this a common issue and what alternatives permit access to both 
Linux and JNOS?
Replacing the gateway router is not an option.

Cheers
Skip
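To make the ordering question concrete, here is a small simulation added to this archive page (not code from Jay, Skip, or the JNOS project). It models a gateway's NAT table as an ordered list of rules with first-match semantics, using the two addresses from the thread, and evaluates three inbound packets: SSH (TCP/22), an IPIP Protocol-4 packet (which carries no transport port, so no port-forward rule can ever match it), and an unrelated TCP/80 packet. The rule format and the first-match behaviour are assumptions of the example; a given consumer router may order its DMZ-host rule either way, which is exactly what the thread is trying to find out. Note that a DMZ host receives every port not forwarded elsewhere, so the JNOS stack at 192.168.1.44 is fully exposed under either ordering.

```python
"""Simulate first-match DNAT evaluation on a SOHO gateway (constructed example).

Models the design from the thread: a port forward for SSH to the Linux host
stack (192.168.1.88) and a DMZ-host catch-all to the JNOS address
(192.168.1.44).  Shows why the relative order of the two rules decides
whether SSH still reaches the host, and why IPIP (Protocol-4) always lands
on the DMZ host regardless of order.
"""
from dataclasses import dataclass
from typing import Optional

PROTO_IPIP = 4    # IP-in-IP encapsulation: no transport header, no ports
PROTO_TCP = 6


@dataclass(frozen=True)
class Packet:
    proto: int
    dport: Optional[int] = None   # None for protocols that carry no port


@dataclass(frozen=True)
class Rule:
    """One DNAT rule; a None field is a wildcard for that match criterion."""
    target: str
    proto: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


def forward(rules, pkt: Packet) -> Optional[str]:
    """Return the LAN address that receives pkt under first-match evaluation."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return None   # no rule matched: the gateway drops or answers itself


# Addresses from the thread; rule ordering is the assumption under test.
SSH_FORWARD = Rule(target="192.168.1.88", proto=PROTO_TCP, dport=22)
DMZ_HOST = Rule(target="192.168.1.44")            # matches everything

SPECIFIC_FIRST = [SSH_FORWARD, DMZ_HOST]   # port forward wins for TCP/22
DMZ_FIRST = [DMZ_HOST, SSH_FORWARD]        # catch-all shadows the forward

SAMPLES = {
    "ssh": Packet(PROTO_TCP, 22),
    "ipip": Packet(PROTO_IPIP),          # portless, so only the DMZ rule fits
    "http": Packet(PROTO_TCP, 80),
}


def evaluate(rules) -> dict:
    """Map each sample packet name to the host it is forwarded to."""
    return {name: forward(rules, pkt) for name, pkt in SAMPLES.items()}


def main() -> None:
    for label, rules in (("specific-first", SPECIFIC_FIRST), ("dmz-first", DMZ_FIRST)):
        print(f"{label:15s} {evaluate(rules)}")


if __name__ == "__main__":
    main()
```

With the catch-all evaluated first, SSH is swallowed by the DMZ rule, which matches Skip's observation; with the specific forward first, SSH reaches the host while IPIP and everything else still reach JNOS. Either way the Protocol-4 traffic can only be steered by a protocol-level rule or a catch-all, never by a port forward.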