[Gllug] Network configuration

Chris Andrews chris at nodnol.org
Fri Jun 20 10:44:23 UTC 2003


On Fri, Jun 20, 2003 at 11:22:23AM +0100, Jack Bertram wrote:
> * Tethys <tet at accucard.com> [030620 11:16]:
> > Jonathan Dye writes:
> > >I want the machines to be public accessible and then use the firewall to
> > >choose what actually gets in.  For example I want to be able to ssh into any
> > >of the internal machines.
> > 
> > Use port forwarding on the firewall.
> > 
> > >Therefore I thought my options were to either give them all real IP
> > >addresses or to re-write the public addresses to private addresses
> > >with a one to one mapping at the firewall. I thought the former would
> > >be simpler.
> > 
> > I guess the level of difficulty depends on the individual in question,
> > but I'd have gone for NATing with port forwarding (in fact, I *did*
> > go for that option :-) My home setup looks pretty much exactly like yours,
> > except that I have a few more machines behind the firewall...
> 
> Doesn't this mean that, for example, if you want to ssh to 1 of 10
> machines behind the firewall, then you have to remember which strange
> port number on the firewall to use to ssh to each machine?

If you have spare public IP addresses, you just need to do a one to
one mapping onto the private address behind the firewall. No port
translation, no breakage.

You only need to map ports where you have fewer IP addresses than
machines, and that's where the NAT breakage comes in.

Chris.

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
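
The one-to-one mapping described in the message above, sketched as an added example that is not part of the original post: a script that prints (does not apply) Linux iptables commands for a 1:1 NAT with only inbound ssh allowed. It assumes netfilter/iptables on the firewall and `eth0` as the outside interface; the addresses are constructed sample values, and `gen_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: print iptables commands for one-to-one NAT plus an
# ssh-only inbound policy. Nothing is applied; review the output first.
# Assumptions (not from the thread): Linux netfilter, eth0 faces the
# Internet, and the address pairs below are constructed sample values.

EXT_IF="eth0"

# Constructed mapping table: "<public address> <private address>" per line.
MAPPING="203.0.113.11 192.168.1.11
203.0.113.12 192.168.1.12"

gen_rules() {
    # $1 = mapping table, one "public private" pair per line
    # Default-deny forwarding; replies to permitted connections pass.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"

    echo "$1" | while read -r pub priv; do
        [ -n "$pub" ] || continue

        # Inbound: rewrite the public destination to the private host.
        # No port is specified, so every port maps straight through.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -j DNAT --to-destination $priv"

        # Outbound: the host always appears as its own public address.
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $priv -j SNAT --to-source $pub"

        # DNAT happens before the FORWARD chain is consulted, so filter
        # rules must match the private address, not the public one.
        echo "iptables -A FORWARD -i $EXT_IF -d $priv -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"

        # Let the internal host open connections outward.
        echo "iptables -A FORWARD -o $EXT_IF -s $priv -m conntrack --ctstate NEW -j ACCEPT"
    done
}

gen_rules "$MAPPING"
```

Because each machine keeps port 22 on its own public address, there are no per-host port numbers to remember; what gets in is decided entirely by the FORWARD rules.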