[nzlug] connecting two networks?

Daniel Pittman daniel at rimspace.net
Wed May 21 15:53:31 NZST 2008


Simon <greminn at gmail.com> writes:

> We have an office in tga on DSL with a fixed IP address and a bunch of
> servers in at ICONZ's behind a Fortigate firewall, but with public
> addresses. What I'm wondering about is creating some sort of secure
> link between the two so that all our staff can do things like manage
> MySQL servers, browse Samba shares, FTP etc. over that link without
> having to VPN in or set up SSL tunnels on each PC. I just need a pointer
> in the right direction rather than a howto please :)

I strongly suggest you read the manuals for the Fortigate devices, which
are quite capable of creating a site-to-site VPN tunnel and include
excellent examples and directions on how to do so.

> Can this be done over ssh? I like ssh.

I also strongly suggest that you avoid inventing solutions without fully
understanding their implications: this is *not* the solution you are
looking for.

Any tunnelling of IP over TCP is a fundamental mistake, which will cause
you significant grief at some point.  Please note that this is a
different case from tunneling /data/ over a TCP link, which is what the
various port forwarding options available as part of SSH offer.


If you absolutely insist on doing it that way, rather than trivially
through the firewall hardware, then you would be well advised to use
only the generic "SOCKS" or "dynamic" forwarding capabilities of ssh.

Regards,
        Daniel
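As an added illustration of the "dynamic" forwarding Daniel points to (this is not code from the original post or from the list), the block below speaks the SOCKS5 CONNECT handshake that a browser, proxychains or a MySQL client would send to the local port opened by `ssh -D 1080 -N user@gateway`. The point a practitioner should notice is that it sends the target as a DOMAINNAME (ATYP 0x03), so the name is resolved by ssh at the far end and internal-only hostnames work without touching local DNS. The proxy itself is a constructed in-process stand-in so the example runs offline; the gateway, the host `db1.office.example` and port 3306 are assumptions, not details from the post.

```python
import socket
import struct
import threading

# SOCKS5 constants from RFC 1928
SOCKS_VERSION = 5
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04
REP_SUCCEEDED = 0x00


def _recv_exact(sock, n):
    """Read exactly n bytes or raise; SOCKS replies are length-prefixed, not line-based."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection mid-handshake")
        buf += chunk
    return buf


def build_connect_request(host, port):
    """CONNECT request carrying the hostname itself (ATYP 0x03).

    Sending the name rather than a resolved IP makes the ssh gateway do the
    lookup, which is what lets names that only resolve inside the remote
    network work through ssh -D.
    """
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname length must be 1..255 bytes")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def read_reply(sock):
    """Parse the proxy's reply: (status, bound_addr, bound_port)."""
    ver, rep, _rsv, atyp = _recv_exact(sock, 4)
    if ver != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    if atyp == ATYP_IPV4:
        addr = socket.inet_ntoa(_recv_exact(sock, 4))
    elif atyp == ATYP_DOMAIN:
        addr = _recv_exact(sock, _recv_exact(sock, 1)[0]).decode("idna")
    elif atyp == ATYP_IPV6:
        addr = socket.inet_ntop(socket.AF_INET6, _recv_exact(sock, 16))
    else:
        raise ValueError("unknown address type %#x" % atyp)
    port = struct.unpack("!H", _recv_exact(sock, 2))[0]
    return rep, addr, port


def socks5_connect(sock, host, port):
    """Full no-auth handshake on a socket already connected to the proxy port."""
    # Offer only NO AUTHENTICATION (0x00); ssh -D accepts that method.
    sock.sendall(bytes([SOCKS_VERSION, 1, 0x00]))
    ver, method = _recv_exact(sock, 2)
    if ver != SOCKS_VERSION or method != 0x00:
        raise ConnectionError("proxy did not accept the no-auth method")
    sock.sendall(build_connect_request(host, port))
    rep, addr, bport = read_reply(sock)
    if rep != REP_SUCCEEDED:
        raise ConnectionError("CONNECT to %s:%d refused, reply %#x" % (host, port, rep))
    return addr, bport


# Constructed stand-in for the ssh -D listener, present only so this runs offline.
def _mock_socks_server(sock, seen):
    _ver, nmethods = _recv_exact(sock, 2)
    _recv_exact(sock, nmethods)
    sock.sendall(bytes([SOCKS_VERSION, 0x00]))           # pick no-auth
    _ver, cmd, _rsv, atyp = _recv_exact(sock, 4)
    host = _recv_exact(sock, _recv_exact(sock, 1)[0]).decode("idna")
    port = struct.unpack("!H", _recv_exact(sock, 2))[0]
    seen.append((cmd, atyp, host, port))
    # Success reply; the bound address field is informational for CONNECT.
    sock.sendall(bytes([SOCKS_VERSION, REP_SUCCEEDED, 0x00, ATYP_IPV4])
                 + b"\x00\x00\x00\x00" + struct.pack("!H", 0))
    sock.close()


def demo(host="db1.office.example", port=3306):
    """Run the handshake against the mock; returns (what the proxy saw, client result)."""
    client, server = socket.socketpair()
    seen = []
    t = threading.Thread(target=_mock_socks_server, args=(server, seen))
    t.start()
    result = socks5_connect(client, host, port)
    t.join()
    client.close()
    return seen[0], result


if __name__ == "__main__":
    print(demo())
```

Against a real `ssh -D 1080` the socket passed to `socks5_connect` would simply be `socket.create_connection(("127.0.0.1", 1080))`; everything after that is unchanged, and tools such as `curl --socks5-hostname` do exactly this handshake for you.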


