Hi
I would recommend you:
VPN (tinc, openvpn) between router1 and router2 and set router2
to be default gw for router1
but, for example, tinc is running on a different port than 22,
so create an SSH tunnel from router1 to router2.
On router1 type:

    ssh -L <anythingYouWant>:localhost:<VPNport> router2
and then force all VPN (maybe tinc..) packets not to go directly from router1
to router2, but through the SSH tunnel. Try on router1:

    iptables -t nat -A OUTPUT -p tcp -d router2 --dport <VPNport> -j REDIRECT --to-ports <anythingYouWant>
I am not sure if it will work, but it may help you.
Best regards
Matis
>
> I have this kind of network:
>
> /==========\   /==========\   /==========\
> | ROUTER 1 |---| FIREWALL |---| INTERNET |
> \==========/   \==========/   \==========/
>      |              |
> /==========\   /==========\
> |   LAN    |   | ROUTER 2 |
> \==========/   \==========/
>
> The firewall allows only ports 80 and 443 to the internet and 22
> to the ROUTER 2. It also allows everything from ROUTER 2 to the
> internet. Fortunately, I have root access to ROUTER 2. So the
> question is: can I make a tunnel from ROUTER 1 to ROUTER 2 only
> via port 22 (ssh) so that I could gain full access to the internet?
>
> (Problem is that our servers on the internet all have nonstandard
> ports set, and the only way for us to access them is either [connect to
> ROUTER 2 and then connect to the servers] or [make a bunch of single
> ssh tunnels to the servers via ROUTER 2].)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
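The recipe in Matis's reply (an SSH local forward from router1 to router2, plus an iptables REDIRECT so the VPN daemon's connection to router2 is steered into that forward), written out as one script. This is an added example, not code from the thread or from any project: the host name `router2`, the VPN port 655, the local port 6655 and the control-socket path are placeholders, and `DRY_RUN=1` prints the commands instead of executing them so the script can be inspected without root.

```shell
#!/bin/sh
# Added example (not from the original thread). Sets up, on ROUTER 1,
# an SSH local forward to ROUTER 2 and a nat OUTPUT REDIRECT rule so
# the VPN daemon's TCP session to ROUTER 2 rides inside the SSH tunnel.
# All names, ports and paths below are assumptions, not values from the thread.
set -u

ROUTER2="${ROUTER2:-router2}"             # assumed: name/IP of ROUTER 2
VPN_PORT="${VPN_PORT:-655}"               # assumed: VPN daemon's TCP port
LOCAL_PORT="${LOCAL_PORT:-6655}"          # local end of the SSH forward
CTL_SOCK="${CTL_SOCK:-/tmp/vpn-over-ssh.ctl}"
DRY_RUN="${DRY_RUN:-0}"                   # 1 = print commands, do not run them

# Port sanity check: a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Match part of the nat rule, as arguments only, so the same string
# serves -C (check), -A (append) and -D (delete).
redirect_rule() {
    printf '%s' "-p tcp -d $1 --dport $2 -j REDIRECT --to-ports $3"
}

# run: execute the command, or echo it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf 'DRY: %s\n' "$*"; else "$@"; fi
}

tunnel_up() {
    valid_port "$VPN_PORT" && valid_port "$LOCAL_PORT" \
        || { echo "invalid port" >&2; return 2; }
    # -f -N: background, no remote command. -M -S: control socket so the
    # same tunnel can be torn down later. ExitOnForwardFailure makes a
    # port clash on LOCAL_PORT fail loudly instead of leaving a dead tunnel.
    # -L binds 127.0.0.1, which is exactly where REDIRECT sends the packets.
    run ssh -f -N -M -S "$CTL_SOCK" -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:$LOCAL_PORT:127.0.0.1:$VPN_PORT" "$ROUTER2"
    rule=$(redirect_rule "$ROUTER2" "$VPN_PORT" "$LOCAL_PORT")
    # Check before appending so repeated runs do not stack duplicate rules.
    # shellcheck disable=SC2086
    if [ "$DRY_RUN" = 1 ] || ! iptables -t nat -C OUTPUT $rule 2>/dev/null; then
        run iptables -t nat -A OUTPUT $rule
    fi
}

tunnel_down() {
    rule=$(redirect_rule "$ROUTER2" "$VPN_PORT" "$LOCAL_PORT")
    # shellcheck disable=SC2086
    run iptables -t nat -D OUTPUT $rule
    run ssh -S "$CTL_SOCK" -O exit "$ROUTER2"
}

case "${1:-}" in
    up)   tunnel_up ;;
    down) tunnel_down ;;
    *)    ;;   # no argument: only define the functions (file can be sourced)
esac
```

Usage is `sh vpn-over-ssh.sh up` and `sh vpn-over-ssh.sh down` as root on router1. Two limitations worth knowing before relying on this: `ssh -L` forwards TCP only, so a VPN that also sends UDP (tinc does by default) only gets its TCP channel through the tunnel unless it is configured to run entirely over TCP; and the REDIRECT rule matches on destination port, so if the VPN daemon on router2 changes port, both the rule and the forward must change together.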