Hi All,
I'm in a network quandary. I've been asked to enable remote access to
a legacy client/server application. The application operates over
multiple, ephemeral TCP connections (all emanating from the client.)
Right now, I've successfully got the client application running via a
dual-homed Linux box that is MASQuerading (source NATting) the
connections between the server LAN and the client LAN. The MASQuerade
is necessary because the server has a check to ensure the client is
operating on the same subnet. (I'm sure there was a good reason 10
years ago for this decision.)
The problem comes when I try to access the server from a remote client
LAN. On the Windows clients, when I try to add a route, the addition
fails because the gateway is not on the local LAN. I can't add a
route on the router connecting the two subnets for political reasons.
It seems that there should be a way to create a virtual IP on the
Linux box, and then MASQuerade all the connections to the virtual IP
address to the server LAN. I've play with the IPTABLES, but not
succeeded so far.
In effect, the clients would connect to a routable IP address on the
client LAN (solving the remote gateway problem), the Linux box would
MASQuerade the connection (solving the server subnet check problem),
and then pass it on to the server LAN.
This would essentially look to the clients as if the server is on
their side of the LAN (although not necessarily their subnet), and to
the server as if the clients were on its LAN (specifically its
subnet).
Since we're dealing with ephemeral port numbers, simple
port-forwarding doesn't seem to be an answer.
Any ideas out there?
TIA,
Bob
|
Similar Threads
Linear Mode
