
Re: IPv6 (was: Oh yeah, I'm famous)



On Fri, Aug 11, 2000 at 11:45:06PM -0500, Charles Menzes wrote:
> > That's what I'm planning to do, should the day come for me.
> > Actually, it'll look like this:
> > 
> > 192.168.1.0/24 -> 192.168.0.1 -> 192.168.0.2 ----> 192.168.1.1 -> 192.168.1.2
> >  My internal        Internal       External   VPN     Their          Target
> >    network          firewall       firewall          firewall
> 
> 	will you be bridging the traffic across the vpn?
> 	since it appears that both lans have the same address space,
> 	how will packets destined for the opposite lan be flagged
> 	as eligible to be routed through the firewall and vpn'd?

The proxy on the external firewall manages this.  Internal hosts don't
try to make the connection themselves to the server; they simply
connect to the internal firewall.  The only system trying to connect
to the remote server is the external firewall; it doesn't know how to
get to the internal network, so its routing can be set up to route
those packets across the VPN.

Don't ask me what we'll do if two vendors each need us to connect to
their servers, both in the same subnet.  I think, at that point, that
routing by port number would have to come into play, which is so much
of a kludge it isn't funny...
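
The routing argument in the message above, as an added example that is not part of the original post: each firewall looks up 192.168.1.2 in its own table, so the overlapping subnet only becomes ambiguous once a second vendor tunnel carries the same prefix. Interface names, port numbers and the table contents are assumptions made for illustration.

```python
import ipaddress

# Constructed tables for the two firewalls in the diagram; interface names
# (lan0, dmz0, vpn_a, vpn_b) and port numbers are hypothetical.
INTERNAL_FW = [("192.168.1.0/24", "lan0"), ("192.168.0.0/24", "dmz0")]
# No route back into the internal LAN here, so the prefix can point at the VPN.
EXTERNAL_FW = [("192.168.0.0/24", "dmz0"), ("192.168.1.0/24", "vpn_a")]
# A second vendor using the same subnet: destination-only routing cannot choose.
TWO_VENDORS = EXTERNAL_FW + [("192.168.1.0/24", "vpn_b")]
# Port-keyed policy, the fallback the post calls a kludge: (prefix, port, iface).
PORT_POLICY = [("192.168.1.0/24", 1521, "vpn_a"),
               ("192.168.1.0/24", 8443, "vpn_b")]


def lookup(table, dst):
    """Return the set of interfaces tied for the longest matching prefix.

    One element means an unambiguous route; more than one means the table
    cannot decide on destination address alone; empty means no route.
    """
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), iface)
               for prefix, iface in table
               if addr in ipaddress.ip_network(prefix)]
    if not matches:
        return set()
    longest = max(net.prefixlen for net, _ in matches)
    return {iface for net, iface in matches if net.prefixlen == longest}


def lookup_by_port(policy, dst, port):
    """Pick an interface from (prefix, port) pairs; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    for prefix, policy_port, iface in policy:
        if addr in ipaddress.ip_network(prefix) and port == policy_port:
            return iface
    return None


if __name__ == "__main__":
    target = "192.168.1.2"
    print("internal fw :", lookup(INTERNAL_FW, target))   # stays on the LAN
    print("external fw :", lookup(EXTERNAL_FW, target))   # goes over the VPN
    print("two vendors :", lookup(TWO_VENDORS, target))   # ambiguous
    print("by port 8443:", lookup_by_port(PORT_POLICY, target, 8443))
```

A result with more than one interface is the condition to check for before a second tunnel is added; the port-keyed policy only resolves it while the two vendors' services listen on different ports.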