Re: [Fwd: (ASCEND) Nailed NAT]

[Steve Camas <stevec@liii.com>]

On Fri, 5 Mar 1999, Anthony Chatman wrote:

Date: Fri, 05 Mar 1999 14:42:25 +0000
From: Anthony Chatman <anthony@edge.net>
To: scott.kozicki@bluestar.net
Subject: Re: (ASCEND) Nailed NAT

I do not have any experience with nailed connections yet, however here
is a solution for pipeline's that are using nat on a non-nailed link.


A couple of recommendations for telnet.. Under ethernet -> nat -> nat
you can set the default server to the local ip thats on their lan. This
will cause any connections coming into the pipeline to be routed to the
pipeline's address (if you set it at the pipeline's lan address) and
therefore enabling you to telnet in.

Another more recommended solution is go under ethernet -> nat -> nat ->
static mappings and setup port 21 to port 21 with their lan address
under loc adrs, this will cause any incoming connections to port 21 on
the pipeline to be sent to the pipeline itself on port 21 therefore

For example a pipeline that is configured for NAT that has a lan adress
of 10.0.0.1

ethernet -> nat -> nat -> static mappings

Valid=Yes
Dst Port#=21
Protocol=TCP
Loc Port#=21
Loc Adrs=10.0.0.1

would allow you to telnet to the pipeline.



Hope this helps,
Anthony
-------------------------------------------------------------------


Uhhh.. port 21 is ftp -- think you meant port 23. ;-)

For what it worth, we also map 113 to the Pipeline's ether so that
sendmails out there that try to do an IDENTD get a connection refused
rather than waiting for the IDENTD to timeout (speeds up smtp traffic to
servers that try to do IDENTD).  We also map UDP port 161 so we can use
snmp to make sure the router is still up (nailed should always be online)
since we can't ping a router running NAT.

Steve


++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>