Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) Q. Can you run servers behind Pipeline (running NAT)?
At 09:18 PM 11/12/97 -0600, Luke Parrish wrote:
>It may be easier if you explain to him why the ip's will be be able to be
>hit from the outside world...
>From the outside world all of your machine will look like they have the
same address - that assigned by the NAS (dynamic or static - either way).
>First of all i am not an expert on this, but this is my understanding.
>
>NAT will use local addressing, meaning that "my address" will be set to
>200.200.200.200/24 on the pipeline.
The my-address is local and ONLY relevant to the machines behind it. This
address is NEVER used on the WAN side and the rest of the world knows
nothing about it. The assigned address is mapped by the Pipeline to all
of the local addresses via a mapping that consists of IP/port combinations.
>This would allow you to dial up to
>your ISP and receive a dynamic ip. Then the ip address that your
>web/http/ftp servers will be on, would be 200.200.200.201 .202 .203 etc.
No, they would all *LOOK LIKE* they are on the address that is "assigned" to
you at connection time.
>With a mask of 255.255.255.0.
Not really, but....
> What would be ideal is if your ISP could
>provide you with say a /27 block of address's and then you could have
>"real" address's for each box on your network. But there will be additional
>costs to this, so i am sure that is why you are doing NAT.
>Just dont let
>your ISP know that you are doing it, they tend to get unhappy when they
>find their dialup ISDN customers with machines behind their single
>connection. I work for an ISP and we get mad, so just thought i would let
>you know :)
Interesting.....you'd rather burn IP addresses then....
>What you could do is direct internet traffic by your one real ip address.
>Like all FTP traffic to port 21, and then specify a local address to route
>all port 21 traffic to, this is done with static mappings.
Yes...this is it...maybe I misunderstood wat you were suggesting above.
>But the reason that these address's are not able to be reached from the
>outside is that these are "local address's".
But you don't care about that. To the outside world they are all on the
same "assigned" address.
>Which means they are being
>used all over the world by many networks as local address's. So lets say i
>did a trace to 200.200.200.201, it will go no where, cause it knows that it
>is assigned for local addressing.
The outside world knows nothing about your local/private addressing scheme.
>And when you say that it sounds doable, i have found that if you sit down
>and actually read through one of the manuals they send out, and a .pdf on
>the 5.1A code, (took me a while to figure the whole manual thing out), then
>you can do almost everything with these little bad boys.
Ah, so we do agree....
It is pretty clear from the 5.1A release notes that this can be done....
>At 06:26 PM 11/12/97 -0500, you wrote:
>>>Yes you can run them, but users from the outside world will not be able to
>>>hit them.
>>
>>
>>That's too bad.
>>
>>>I totally dont understand what you mean by "The DNS effectively becomes
>>>the router", as they are two TOTALLY different things, doing two TOTALLY
>>>different functions, but your overall answer is NO. Go buy a Motorola
>>>BitSucker Pro for $150, and save some cash.
>>
>>Oops. Sorry for my misuse of the terms. What I mean to say is that with a TA
>>as a NIC sitting in the same machine as the DNS, one can effectively turn
>>the Server into routing the LAN. Then with multi-homing on a single IP, I
>>can
>>run other servers on the subnet.
>>
>>But I don't like this solution because it means dedicating one machine for
>>the task
>>and using the software to solve it instead of letting the hardware
>>(pipeline) handling this.
>>
>>I am still hopeing a solution is available. Maybe something like setting the
>>default
>>route to a specific machine. That is, if an unsolicted packet is sent to the
>>pipeline 75,
>>it will automatically (by default through some sort of configuration on p75)
>>be routed to a specific machine. It should be doable, at least conceptually.
>>
>>Thanks.
>>
>>Edwin
>>
>>
>>
>>>
>>>Scott R. Chrestman
>>>System Administrator
>>>Netropolis Communications Corp.
>>>src@netropolis.net
>>>
>>>
>>
>>++ Ascend Users Mailing List ++
>>To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
>>To get FAQ'd: <http://www.nealis.net/ascend/faq>
>>
>>
>
>
>* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>* Luke Parrish * Email lparrish@iamerica.net *
>* LDS-iAmerica, ISP * Email luke@ciscokid.iamerica.net *
>* Network Engineer * Phone 1-800-789-6062 x3010 *
>* AS 4958 * http://cust.iamerica.net/lparrish *
>* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>* The Internet is our friend. *
>* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
>
>++ Ascend Users Mailing List ++
>To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
>To get FAQ'd: <http://www.nealis.net/ascend/faq>
>
Kevin
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
Follow-Ups:
References: