On Fri, Jun 15, 2012 at 12:51 AM, Sanjay Arora <sanjay.k.arora at gmail.com> wrote: > >> >> You still don't say what kind of access you need > > Basically accessing the VMs from the Internet....ssh, vnc, rdp, ftp & > so on...different needs for different vm. You should be able to make outbound connections that originate from the VMs through NAT. Direct inbound connections over the internet are impossible without a public address. or at least port-forwarding configured on the router - which it will probably only do to its own subnet. You could tunnel access through a VPN, though. OpenVPN on your server would be able to make an outbound connection through the nat to another site and you could route the private addresses through the VPN tunnel. Without support on the router, your VPN can only connect to pre-arranged public IP addresses. If you can get a single port (preferably UDP) forwarded on the router to your server, you would be able to connect from anywhere with an openvpn client which would be able to route for that host or for a remote site. >> - or why you can't >> bridge on the 172.16.1.0 side which eliminates half of the problem. >> Outbound connections are easy - your LTSP clients probably already >> have that via NAT on the server, and they also should be using the >> server as their default gateway. > > Yes LTSP has outward NAT access...require the same inward access there too... What about the server? Do you have any existing way set up for inward connections to it? If so, you can use a VPN or ssh port-forwarding, or reverse-proxy connections where a vpn will be the most generic. However, you have to be just as careful about firewalling such connections as at the main router you are trying to bypass. It is a bad idea to do this without support from your network administrator. -- Les Mikesell lesmikesell at gmail.com