[f-nsp] Yet Another Nat Question

Gerlof.Dijk gerlof.dijk at hccnet.nl
Thu Dec 9 07:28:57 EST 2004


Why not admin your systems on the private addresses? A bit more secure
because you don't expose your systems to the outside world :-)

But it is possible to bind SSH to a VIP. It is even possible to admin all
your systems with 1 VIP address and different TCP ports (and using port
translations), which has the benefit that you secure this single VIP with an
ACL.

And you can use your static NAT solution. But again, static NAT is
bidirectional (makes no difference if you use "static nat inside" or
"static nat outside"). When you use static NAT to do source NAT it is also
possible to connect to the NAT address (directly connecting to your internal
server). That's why NAT pools are more secure.


greetings





-----Original Message-----
From: foundry-nsp-bounces at puck.nether.net
[mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Timothy Arnold
Sent: Thursday, 9 December 2004 12:02
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] Yet Another Nat Question

Hi Everyone,

I haven't quite figured out the benefits of using NAT but I am sure someone
can tell me.

On one VLAN of the ServerIron I have all the public IP VIP addresses, on the
other VLAN I have an internal 10.x block. I have set up inside NAT for one
of my servers and outbound connections will appear from the public IP that I
have specified. Great!!

Now, how would I configure a static mapping for the public IP addresses for
incoming requests? For example, I have a VIP address that I use for Port 80
and that works fine, however, if I want to be able to admin the server via
SSH, I would need to create a static mapping for incoming requests, kind of
like the PIX static commands.

Is this possible using the ServerIron? Would I need to create a virtual
server with the same IP address that I use for the inside static NAT?

Any ideas would be appreciated.

Thanks
Tim.



