Hi
This is an odd question. But here it is. I have two hosts both with two
NICs physically in two different countries. One host I have DNAT set up on
such that all traffic is forwarded to the second host.
iptables -t nat -A PREROUTING -d 0.0.0.0 -j DNAT --to-destination second_host_ip
But what I am trying to imagine is how can I get the second host to un-DNAT
the traffic from the first host.
Using an example: a packet from 10.0.0.12 to 195.14.13.2 hits first host. First
host changes the src address (10.0.0.12) to its WAN addr and changes the
destination 195.14.13.2 to the address of the second host, say 212.13.2.234.
212.13.2.234 receives the packet but now has to DNAT it back to
195.14.13.2 and send off t'internet.
So basically all traffic has to use 212.13.2.234.
So the state table from host one has to be shared to host two, which
would mean (worst case) sending an update packet for each packet. This is an
unworkable solution. So is there an encapsulation protocol I can use to
encode the "real destination"?
I don't have much experience with VPNs but maybe it is along those lines I
should be thinking. Some kind of tunnelling.
Thanks
Ufo Mechanic
Never be afraid to "make clean"
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: lartc.org
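
Added example, not part of the original post: a Python sketch of the packet walk described above, showing that the NAT rewrite on host one discards 195.14.13.2 while IP-in-IP encapsulation carries it intact to 212.13.2.234. The host-one WAN address 198.51.100.7 and all function names are assumptions made for illustration.

```python
import socket
import struct

IPPROTO_IPIP = 4          # IP-in-IP: the payload is itself an IPv4 packet
FMT = "!BBHHHBBH4s4s"     # 20-byte IPv4 header without options

def checksum(header: bytes) -> int:
    """Ones'-complement sum of 16-bit words; 0 for a header that verifies."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields) + payload

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload); reject a header that fails its checksum."""
    if len(packet) < 20 or checksum(packet[:20]) != 0:
        raise ValueError("bad IPv4 header")
    f = struct.unpack(FMT, packet[:20])
    return socket.inet_ntoa(f[8]), socket.inet_ntoa(f[9]), f[6], packet[20:f[2]]

def nat_rewrite(packet: bytes, new_src: str, new_dst: str) -> bytes:
    """Host one as described: source and destination are overwritten in place."""
    _, _, proto, payload = parse_ipv4(packet)
    return build_ipv4(new_src, new_dst, proto, payload)

def encapsulate(packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Tunnel alternative: the untouched packet rides inside an outer header."""
    return build_ipv4(tunnel_src, tunnel_dst, IPPROTO_IPIP, packet)

def decapsulate(packet: bytes) -> bytes:
    """Host two: strip the outer header and return the validated inner packet."""
    _, _, proto, inner = parse_ipv4(packet)
    if proto != IPPROTO_IPIP:
        raise ValueError("not an IP-in-IP packet")
    parse_ipv4(inner)
    return inner

HOST1_WAN = "198.51.100.7"   # constructed; the post gives no address for host one
HOST2 = "212.13.2.234"       # second host, from the post
original = build_ipv4("10.0.0.12", "195.14.13.2", 17, b"constructed payload")
if __name__ == "__main__":
    print("after NAT:   ", parse_ipv4(nat_rewrite(original, HOST1_WAN, HOST2))[:2])
    print("after tunnel:", parse_ipv4(decapsulate(encapsulate(original, HOST1_WAN, HOST2)))[:2])
```

Host two would still have to source-NAT the decapsulated packet, since 10.0.0.12 is a private address, so that replies come back through it.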