Good Morning,
You posted to debian-firewalls, therefore I assume this has something to
do with making a hole in a firewall.
I think if "we" knew the purpose of all this "data piping" then it would
be easier to find a solution to the true problem, which might be more
efficient than asking "us" to verify one possible solution to a problem
"we" don't understand. Regardless, here's my theory.
If I interpret "connection" literally, you can't do that at the TCP level,
although there are surely many ways to combine the output of multiple TCP
connections. TCP was designed as a point to point reliable data system.
So it doesn't do multiple simultaneous timeout timers or byte-window
counters, on a single connection. If you lost a datagram from endpoint
#89 of a "connection", how would the main site know it was lost, and then
how would it tell #89 to resend, at the TCP level? Of course you could
have multiple TCP connections to some kind of hub process that combines
the data, which has already been suggested.
If I interpret "connection" as "TCP port", what you could do is run
several copies of the "redir" program on the Debian firewall. For
example, say you had an IRC server box on the inside network on port 6667
and you wanted it accessible from the rest of the world on ports 6665,
6666, 6667, and 6668.
Then you'd run redir on the firewall to connect outsideip:6665 to
ircserver:6667, run another copy of redir to connect outsideip:6666 to
ircserver:6667, and so on and so forth. I think that would work, although
I've never tried something exactly like that, but done many similar
things. Personally I'd put all the redirs in a shell script to start them
up manually every reboot, but of course that depends upon individual
cases.
On the Debian firewall, as root user, you could install redir and any
dependent packages by running the usual "apt-get install redir".
Thanks and Good Luck!
P.S. If you have to use micro$oft LookOut, you have my sympathies.
----- Forwarded by Vince Mulhollon/Norlight on 11/08/2000 07:44 AM -----
"Michael McConnell" <michael@xxxxxxxxxxxxxx>
11/08/2000 12:02 AM
To: <lvs-users@xxxxxxxxxxxxxxxxxxxxxx>,
<debian-firewall@xxxxxxxxxxxxxxxx>
cc: (bcc: Vince Mulhollon/Norlight)
Fax to:
Subject: Data Piping
Ok here goes some crazy idea.
What I want to do is accept multiple TCP connections, but yet, PIPE all
the DATA into one single TCP connection?
TCP---------\
             \
TCP-----------\
               \
TCP-------------======== TCP
              /
TCP----------/
Hmm, let's see how outlook does with ANSI...
Theories?
Mike
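
An added example, not part of either message above: a sketch of the "hub process" idea from the reply, one-directional (many inbound TCP connections into one outbound connection). The framing (4-byte connection id, 2-byte length), the function names and the loopback addresses are assumptions made for this illustration; the ports are borrowed from the IRC example. Tagging each chunk with its connection id is what lets the far end tell the streams apart, which plain TCP on a single connection cannot do.

```python
import asyncio
import struct

HDR = struct.Struct("!IH")  # assumed framing: connection id, payload length

def frame(conn_id: int, data: bytes) -> bytes:
    """Tag one chunk with the inbound connection it came from."""
    return HDR.pack(conn_id, len(data)) + data

def deframe(buf: bytes):
    """Split received bytes into (conn_id, payload) records plus any incomplete tail."""
    out = []
    while len(buf) >= HDR.size:
        conn_id, n = HDR.unpack_from(buf)
        if len(buf) < HDR.size + n:
            break  # record not fully received yet; keep it for the next read
        out.append((conn_id, buf[HDR.size:HDR.size + n]))
        buf = buf[HDR.size + n:]
    return out, buf

async def hub(listen_port: int, up_host: str, up_port: int):
    """Accept many TCP clients and pipe their data, framed, into one upstream connection."""
    _, up_writer = await asyncio.open_connection(up_host, up_port)
    lock = asyncio.Lock()  # only one frame at a time on the shared connection
    next_id = 0

    async def handle(reader, writer):
        nonlocal next_id
        next_id += 1
        conn_id = next_id
        try:
            while chunk := await reader.read(4096):  # 4096 fits the 2-byte length field
                async with lock:
                    up_writer.write(frame(conn_id, chunk))
                    await up_writer.drain()
            async with lock:
                up_writer.write(frame(conn_id, b""))  # empty payload: this stream ended
                await up_writer.drain()
        finally:
            writer.close()

    # Loopback only in this sketch; bind to the outside address deliberately, if at all.
    server = await asyncio.start_server(handle, "127.0.0.1", listen_port)
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(hub(6665, "127.0.0.1", 6667))
```

The receiving end has to run deframe() on what it reads and carry the returned tail into the next read, since one TCP read can end in the middle of a record.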