Bill Jonas on Wed, 19 Dec 2001 17:30:25 +0100
On Wed, Dec 19, 2001 at 09:58:47AM -0600, Robert J. Squire Jr. wrote:
> The system will have to transparently pass smb and nmb traffic as well
> as http traffic. Ideally it will also allow NT domain logins and
> handle name resolution using nmb transparently. I know this is a tall
> order but if anyone has any experience implementing a system like this
> I could use a push in the right direction. Right now the variety of
> possible solutions combined with the lack of a clear list of
> capabilities is a bit overwhelming.

Tunnelling between the firewalls is probably the cleanest solution. This will be transparent from the user's perspective and won't require any special software on the desktop. If, say, one office is numbered in the 10.1.0.0 IP space and the other one in the 10.2.0.0 space it shouldn't be too hard. (Or even if you use public IP addresses.) Unfortunately, I don't have any real experience with this, so I can't provide specific pointers.

Keep in mind that in addition to all the packages out there available for doing this, one could even do something like tunnelling PPP through SSH (although I hear that that way is difficult to configure). I've heard that PoPToP is not bad if you want to interoperate with Microsoft clients (but if you do a firewall-to-firewall approach, this shouldn't matter unless you want to allow access to the internal network to people with Microsoft OSs from outside the network). Probably the thing that I've heard the most good things about is IPSec via FreeS/WAN, although I'd be hard-pressed to justify that if asked at this point.

Hope that helps.

--
Bill Jonas * bill@billjonas.com * http://www.billjonas.com/
Developer/SysAdmin for hire! See http://www.billjonas.com/resume.html