TCLUG Archive

Re: [TCLUG:9401] Cisco 675 questions



If you haven't gotten one yet that means when you do it'll be running the
newest code release which can do what's called "wildcard NAT" where you
specify what IP internally all ports are forwarded to.  That'd probably
work ok with the firewall setup where you just forward all ports to your
firewall and let it sort everything out. And yes, all the forwarding is
transparent.

Routed PPP is much more stable (at least in my experience) than the
bridging mode is.  Also, most local ISPs are switching or have switched to
routed PPP (I know that Visi is moving all their remaining bridged
customers to routed PPP and at the ISP I work for all of our new customers
are routed and I'll be moving all of our bridged customers to routed PPP
over the next few months).  Bridged mode has the nasty side effect of
broadcast traffic going up and down the lines in the same bridge group and
also lets SMB/Appletalk broadcasts traverse from user to user so that
individuals in a bridge group can see each other's windows/apple shares,
etc.  So it's also annoying from a security standpoint as well.  Once the
router is going in routed PPP all broadcast traffic stops there and it
allows access to some of the router's other functions, such as the
internal DHCP server, IP filters, NAT, etc.

--

Jim Raney

"I poured spot remover on my dog.  Now he's gone."
		--Steven Wright

On Mon, 25 Oct 1999, Jon Schewe wrote:

> I don't have one yet, but I'm trying to get all the information first.  So
> does this forwarding of all ports transparently?  I already have a firewall
> server setup through my modem right now and I'm wondering if it'll just be
> easier to put the cisco in bridging mode rather than screw with its nat.
> 
> ----- Original Message -----
> From: Jim Raney <seumas@mad-seumas.net>
> To: <tclug-list@mn-linux.org>
> Sent: Monday, October 25, 1999 2:12 PM
> Subject: RE: [TCLUG:9401] Cisco 675 questions
> 
> 
> > Check out the command "set nat entry add" in your Cisco documentation.  It
> > lets you set up port forwarding to the machine(s) of your choice.
> >
> > --
> >
> > Jim Raney
> >
> > "I poured spot remover on my dog.  Now he's gone."
> > --Steven Wright
> >
> > On Mon, 25 Oct 1999, Phil Plumbo wrote:
> >
> > > Thanks Jer and Andy, for the responses and info. I'm going to borrow a hub
> > > from work and try this out tonight.
> > >
> > > Jeremy wrote:
> > >
> > > >NAT is "Network Address Translation" and serves fundamentally the same
> > > >purpose as IP Masquerading.  You lose, of course, if you want to provide
> > > >external services via this configuration, because none of your boxes other
> > > >than the Cisco router have a "real" IP address.
> > >
> > > Pooh. So I won't be able to ftp into my home box from work. What do I have
> > > to do to be able to do this - switch ISPs?
> > >
> > > I recall an earlier post here someone suggesting setting the Cisco to
> > > bridging mode and having the Linux box get the IP address, and have it do
> > > gatewaying for the internal network, but don't feel comfortable doing
> > > anything like that until I have a better understanding of what I am doing.
> > >
> > > Phil
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: tclug-list-unsubscribe@mn-linux.org
> > > For additional commands, e-mail: tclug-list-help@mn-linux.org