On Wed, 2007-11-07 at 09:26 -0500, Cirroc wrote:
> Essentially, since all the traffic passes through the server, I can use
> iptables to restrict the traffic to only the few known-good ports that
> the application needs.

I do similar things here, and make good use of the nat table in the kernel netfilter to rewrite both the destination (DNAT) and source (SNAT) addresses as necessary so that packets go where I want them and appear to come from wherever I say they do in the nat table.

Without addressing your problem specifically, my approach would be to explore creative address rewriting :-) You can get _very_ creative with it, and if you do it right, it'll just work.

> I'd love any help or thoughts in setting this up.. It feels so close,
> yet so frustratingly far away.

I know the feeling well .... ;-)

--
Lindsay Haisley       | "In an open world,    | PGP public key
FMP Computer Services |    who needs Windows  |      available at
512-259-1190          |         or Gates"     | http://pubkeys.fmp.com
http://www.fmp.com    |                       |