Matt
2005-Jun-09 01:29 UTC
[Shorewall-users] puzzle: listen on port X on internal interface, and send data to remote host with dynamic ip
Hi all, I have a strange goal.....

the setup: two sites ("a" and "b") both with linux machines running shorewall. a machine at site 'a' needs to connect to services on a machine at site 'b'. both sites have dsl with dynamically assigned ip addresses. site 'b's ip can be resolved from siteb.dynamic.dns.com (one of those fancy dynamic-dns sites)

the goal: to have a computer at site 'a' connect to a port on the internal nic of the router at site 'a' and have it transparently communicate through this port to a computer at site 'b'. this will be a windows networking/smb connection, so the client machine and the server can't specify a port number. For various reasons we cannot expose the standard smb port at site 'b'.

I know i can use DNAT on the router at site 'b' to accept connections on port 12345 and send them to the server port 139.
what can i use at site 'a' to accept connections on port 139 on the local interface and forward them to siteb.dynamic.dns.com port 12345?
If I specify the fqdn in the shorewall config I see two problems: it either will not work at all, or it'll resolve the address once (when shorewall is started) and never again.

I'd like to avoid setting up a vpn as i'm short on time, and I can't install ssh on either machine.

ideas? comments? suggestions?

thanks,
+matt

ps. let me know if you need me to clarify anything
Eduardo Ferreira
2005-Jun-09 13:04 UTC
Re: puzzle: listen on port X on internal interface, and send data to remote host with dynamic ip
Matt wrote on 09/06/2005 05:32:09:

> Hi all, I have a strange goal.....
>
> the setup: two sites ("a" and "b") both with linux machines running
> shorewall. a machine at site 'a' needs to connect to services on a
> machine at site 'b'. both sites have dsl with dynamically assigned ip
> addresses. site 'b's ip can be resolved from siteb.dynamic.dns.com (one
> of those fancy dynamic-dns sites)
>
> the goal: to have a computer at site 'a' connect to a port on the
> internal nic of the router at site 'a' and have it transparently
> communicate through this port to a computer at site 'b'. this will be a
> windows networking/smb connection, so the client machine and the server
> can't specify a port number. For various reasons we cannot expose the
> standard smb port at site 'b'.
>
> I know i can use DNAT on the router at site 'b' to accept connections on
> port 12345 and send them to the server port 139.
> what can i use at site 'a' to accept connections on port 139 on the
> local interface and forward them to siteb.dynamic.dns.com port 12345?
> If I specify the fqdn in the shorewall config I see two problems: it
> either will not work at all, or it'll resolve the address once (when
> shorewall is started) and never again.
>
> I'd like to avoid setting up a vpn as i'm short on time, and I can't
> install ssh on either machine.
>
> ideas? comments? suggestions?
>
> thanks,
> +matt
>
> ps. let me know if you need me to clarify anything

I think, for what I could understand, that you need some kind of tunnel to connect the two sites. THEN, you create rules to allow traffic from one side of the tunnel (site 'a') to the smb servers at the other side of the tunnel (site 'b'). A good place to start reading about tunnels and the use of them with shorewall would be: http://www.shorewall.net/VPNBasics.html

HIH
________________________
Eduardo Ferreira
Icatu Holding S.A.
IT Supervisor
(5521) 3804-8606