On Mon, Nov 12, 2007 at 04:46:51AM +0100, Michael Schmitz wrote: > > On Mon, Nov 12, 2007 at 01:28:21AM +0100, Michael Schmitz wrote: > > > Routing/VPN off Duesseldorf would give you a quasi static address (we > > > would need to put a similar mechanism in place to update the route entry, > > > whereas for VPN you would just have to reopen the tunnel after an IP > > > change). > > > > I can recommend OpenVPN there: it'll try reconnecting every five seconds > > if the link dies; it can work with SSL certificates rather than > > passwords; and it's fairly reliable IME. > > That would have been my first choice - haven't set it up server side yet > but had good success with an implementation on an off the shelf firewall > solution. > > > > I assume iptables can be tweaked to redirect port 22 for crest to port > > > 2622 or whatever on sol, with similar tricks for http and smtp. I would > > > have to look at some example rules to pull it off, though. > > > > Sure. Something like this should work: > > > > iptables -t nat -A PREROUTING -d <old IP of crest> --dport 22 -j REDIRECT > > --redirect-to <new IP of crest>:2622 > > > > if I'm not mistaken (writing this from memory), but at the very least it > > will show you what you need. > > Thanks a bunch, I'll give that a try. I may combine tht with a tunnel on > case the biophys guys don't feel comfortable with VPN on the firewall.
Now that it's morning rather than night: it's DNAT rather than REDIRECT -- <Lo-lan-do> Home is where you have to wash the dishes. -- #debian-devel, Freenode, 2004-09-22 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
