ipchains thro firewall
Like (many?) schools we have a number of machines with real IP addresses facing the outside world - for Mailserving, proxy server, PPTP remote access, etc. - including a linux box. These are physically located close to our ADSL router. These servers have two network cards - one facing the ADSL bits and one facing the rest of our internal network. I now have requirement to provide our security cameras recording box a real IP address for a box which is situated remotely in the school. I could, with some expense provide a new fibre cable all the way to it - at some expense. I had thought that maybe the security firm could use VPN access but they didn't seem to know anything about that - and I can't fiddle with their monitoring station. Can I use the LINUX box (using IPchains or equivalent) a route to provide access to their box - and if so how? Currently our internal network is 1.0.X.Y/16 and our external network is 217.204.233.1-15/240. (And don't start asking me why our internal network is non standard IP scheme - its to do with the fact that we still have some old Acorn stations that default to his address scheme and although they could reload a new network stack on boot up they are slow enough already). I suppose some kind of NAT scheme would allow their cameras to create an external link - but that would not alone allow the external monitoring station to create a link back to the cameras. Obviously those in the know, reading this, will be chuckling that this guy knows nothing (I know that already...in fact the little more I get to know the more I know I don't know!) but if you are able to offer any guidance I would be grateful. TIA -- Alan Davies Head of Computing Birkenhead School
If I was doing it I would not use ipchains but I would use some sort of port forwarding - ask the security company which ports on the camera they need to connect to and then use some port forwarding software to pass them on (AFAIK ipchains cant do it on its own) - i personally use software called Portfwd (http://portfwd.sourceforge.net/). Hope this helps, Alex Brett alex.brett@brettcomputers.co.uk On 9 Apr 2003 at 9:11, Alan Davies wrote:
Like (many?) schools we have a number of machines with real IP addresses facing the outside world - for Mailserving, proxy server, PPTP remote access, etc. - including a linux box.
These are physically located close to our ADSL router.
These servers have two network cards - one facing the ADSL bits and one facing the rest of our internal network.
I now have requirement to provide our security cameras recording box a real IP address for a box which is situated remotely in the school. I could, with some expense provide a new fibre cable all the way to it - at some expense.
I had thought that maybe the security firm could use VPN access but they didn't seem to know anything about that - and I can't fiddle with their monitoring station.
Can I use the LINUX box (using IPchains or equivalent) a route to provide access to their box - and if so how?
Currently our internal network is 1.0.X.Y/16 and our external network is 217.204.233.1-15/240. (And don't start asking me why our internal network is non standard IP scheme - its to do with the fact that we still have some old Acorn stations that default to his address scheme and although they could reload a new network stack on boot up they are slow enough already).
I suppose some kind of NAT scheme would allow their cameras to create an external link - but that would not alone allow the external monitoring station to create a link back to the cameras.
Obviously those in the know, reading this, will be chuckling that this guy knows nothing (I know that already...in fact the little more I get to know the more I know I don't know!) but if you are able to offer any guidance I would be grateful.
TIA
-- Alan Davies Head of Computing Birkenhead School
-- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe@suse.com For additional commands, e-mail: suse-linux-uk-schools-help@suse.com
Alex Brett <alex.brett@brettcomputers.co.uk> wrote:
to connect to and then use some port forwarding software to pass them on (AFAIK ipchains cant do it on its own) - i personally use software called Portfwd (http://portfwd.sourceforge.net/).
uinetd, rinetd and nportredir are also possibilities. If you are using a later setup (iptables from 2.4.x kernels), then you might be able to do this on its own. Ask more when you have more details and I expect someone will be able to help. MJR
participants (3)
-
Alan Davies -
Alex Brett -
MJ Ray