Hi folks,
I have two CentOS 4 servers I administrate doing routing and firewalling of two networks (one NATed and firewalled and the other one merely firewalled) and I'd like to build a tunnel to allow computers on the normal private network (and the firewall) to access the private IPs of computers behind the NAT/firewall.
i.e.
             ALPHA                BETA
10.0.0.0/8 - CentOS4 - internet - CentOS4 - X.Y.Z.0/24
Private IPs  Firewall             Firewall  Public IPs
             and NAT
Now the internet is intracity, within one provider and decently safe (6 hops), but still some sort of encryption would be nice... (otherwise I'd just use ip tunnel).
How do I allow both BETA and X.Y.Z.0/24 to connect to the private IPs? Should I use CIPE? IPSEC? Something else? Any good howtos? Preferably something fast and reliable, doesn't need to be that easy to set up :)
I'm basically looking for comments. I have looked around on Google, and it seems there's _tons_ of options, but IPSEC seems to be winning out... am I correct in that assumption?
Cheers, MaZe.
On Thu, 2005-05-26 at 20:03 +0200, Maciej Żenczykowski wrote:
> Hi folks,
> I have two CentOS 4 servers I administrate doing routing and firewalling of two networks (one NATed and firewalled and the other one merely firewalled) and I'd like to build a tunnel to allow computers on the normal private network (and the firewall) to access the private IPs of computers behind the NAT/firewall.
> i.e.
>              ALPHA                BETA
> 10.0.0.0/8 - CentOS4 - internet - CentOS4 - X.Y.Z.0/24
> Private IPs  Firewall             Firewall  Public IPs
>              and NAT
> Now the internet is intracity, within one provider and decently safe (6 hops), but still some sort of encryption would be nice... (otherwise I'd just use ip tunnel).
> How do I allow both BETA and X.Y.Z.0/24 to connect to the private IPs? Should I use CIPE? IPSEC? Something else? Any good howtos? Preferably something fast and reliable, doesn't need to be that easy to set up :)
> I'm basically looking for comments. I have looked around on Google, and it seems there's _tons_ of options, but IPSEC seems to be winning out... am I correct in that assumption?
> Cheers, MaZe.
IPsec is the way to go. I have had excellent results using Openswan 2.1.5 (patched with a fix for the SNMP crash) on FC1; migrating to CentOS is on my to-do list.
Ted