TCLUG Archive

RE: [TCLUG:9401] Cisco 675 questions



> If you haven't gotten one yet that means when you do it'll be running the
> newest code release which can do what's called "wildcard NAT" where you
> specify what IP internally all ports are forwarded to.  That'd probably
> work ok with the firewall setup where you just forward all ports to your
> firewall and let it sort everything out. And yes, all the forwarding is
> transparent.
> 

Could you elaborate on this, please?

I don't know the code release for the one I have, but the CBOS doc. talks
about this syntax.

set nat entry add <ip-inside> <port-inside> <ip-outside> <port-outside> <protocol>

and you _can_ use 0.0.0.0/0.0.0.0 to match any IP address (wildcard NAT?).

What I'm not sure about is, is this entry directional?  That is, are we
talking about packets coming in or going out or both?

Can I then use the following to access my web server?

set nat entry add 10.0.0.2 80 63.123.123.243 80 tcp

where,
10.0.0.2       is the non-routable address of an internal web server machine
63.123.123.243 is some ISP assigned DHCP address of my router's wan0 interface

and give 63.123.123.243 as the URL?  How will this affect access to the
router's internal web server?

Eventually I would like to use this setup to access my machine from outside
using ssh.

I'll be playing around with this pretty soon.  Thought I'd check if anyone
else has already done something similar.

BTW, I got my Cisco 675 recently and it is in PPP mode, not bridging.

Thanks in advance.

-Unni