[Gllug] CISCOs

Alex Hudson home at alexhudson.com
Tue Jul 31 20:13:00 UTC 2001


On Tue, Jul 31, 2001 at 08:52:18PM +0200, Xander D Harkness wrote:
> The network guy here has NATed some of my servers. I have a couple of 
> servers that want to talk to one another using the resolved IP addresses 
> from DNS; this would be their public IPs.

What do you mean by NAT? Source NAT? Destination NAT? General NAT? Do you
mean they sit on a private network and the Cisco hosts their public
addresses? 

> They talk okay using the private IP addresses and I cannot set up 
> parallel IPs on an internal DNS system as I have new host names added 
> hourly.

If they sit on a private network, you can simply perform the routing
yourself by adding the public IP address to each server, either with the
correct netmask or with static routes. This won't affect the current routing
arrangement with the Cisco, nor would it negate the current 'security'
effect (given the servers are able to talk to each other currently).

I would be interested in the reason why the Cisco is set up to NAT - on its
own, NAT provides precisely zero extra security. I'm presuming it's also
filtering ports etc., or that the network the servers sit on is a private
LAN containing other machines, not a DMZ? It might help if you give us a
clearer run-down of the current set-up...

Cheers,

Alex.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
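
The approach suggested in the reply above (each server carries its own public address, and reaches its peers' public addresses on-link), as an added example that is not part of the original message. The host names, the RFC 1918 / RFC 5737 addresses, the interface name and the use of the iproute2 `ip` command are all assumptions; the script only prints the commands for one host and changes nothing.

```sh
#!/bin/sh
# Constructed sample inventory: name, private IP, public (NATed) IP.
# All names and addresses are placeholders, not taken from the thread.
SERVERS='web1 10.0.0.11 192.0.2.11
web2 10.0.0.12 192.0.2.12
db1 10.0.0.13 192.0.2.13'

IFACE=eth0   # assumed name of the interface on the private LAN

# Print the commands to run on host $1 so that traffic to its peers'
# public addresses stays on the LAN instead of going through the NAT device.
# Returns non-zero (and prints nothing on stdout) for an unknown host.
plan_for() {
    printf '%s\n' "$SERVERS" | awk -v self="$1" -v ifc="$IFACE" '
        { pub[$1] = $3; order[NR] = $1 }
        END {
            if (!(self in pub)) {
                print "unknown host: " self > "/dev/stderr"
                exit 1
            }
            # Own public address as a /32: the host now answers ARP for it.
            print "ip addr add " pub[self] "/32 dev " ifc
            # Host routes: each peer public address is on-link, no gateway.
            for (i = 1; i <= NR; i++)
                if (order[i] != self)
                    print "ip route add " pub[order[i]] "/32 dev " ifc
        }'
}

# Dry run for one host; review the output before applying it as root.
plan_for web1
```

After applying the printed commands, `ip route get` followed by a peer's public address should report the LAN interface with no `via` gateway.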



