TCLUG Archive
RE: [TCLUG:9401] Cisco 675 questions
Thanks a lot!
-Unni
> -----Original Message-----
> From: J. Raney (Mailing list account) [mailto:mlists@mad-seumas.net]
> Sent: Thursday, October 28, 1999 3:15 PM
> To: tclug-list@mn-linux.org
> Subject: RE: [TCLUG:9401] Cisco 675 questions
>
>
> On Thu, 28 Oct 1999, Unni Nambiar wrote:
>
> > > If you haven't gotten one yet that means when you do it'll be
> > > running the newest code release which can do what's called
> > > "wildcard NAT" where you specify what IP internally all ports are
> > > forwarded to. That'd probably work ok with the firewall setup
> > > where you just forward all ports to your firewall and let it sort
> > > everything out. And yes, all the forwarding is transparent.
> > >
> >
> > Could you elaborate on this please?
> >
> > I don't know the code release for the one I have, but the CBOS doc.
> > talks about this syntax.
> >
> > set nat entry add <ip-inside> <port-inside> <ip-outside> <port-outside> <protocol>
> >
> > and you _can_ use 0.0.0.0/0.0.0.0 to match any IP address
> > (wildcard NAT?).
> >
> > What I'm not sure about is, is this entry directional? That is, are
> > we talking about packets coming in or going out or both?
> >
> > Can I then use the following to access my web server.
> >
> > set nat entry add 10.0.0.2 80 63.123.123.243 80 tcp
> >
> > where,
> > 10.0.0.2 is the non-routable address of an internal web server machine
> > 63.123.123.243 is some ISP assigned DHCP address of my router's wan0
> > interface
> >
> > and give 63.123.123.243 as the URL? How will this affect access to
> > the router's internal web server?
> >
> > Eventually I would like to use this setup to access my machine from
> > outside using ssh.
> >
> > I'll be playing around with this pretty soon. Thought I'd check if
> > anyone else has already done something similar.
> >
> > BTW, I got my Cisco 675 recently and it is in PPP mode, not bridging.
> >
> > Thanks in advance.
> >
> > -Unni
> >
>
> The CBOS release capable of wildcard NAT is 2.2.0. It should be
> shipping now or soon, and you can download the release from Cisco if
> you have a CCO account. If you don't, check with your ISP to see if
> they can provide a copy.
>
> The syntax for the wildcard NAT entry is:
>
> set nat entry add <inside ip address>
>
> Then all ports forward automatically and transparently to the IP
> specified.
>
> As far as the direction/internal web server on the 675 goes, I
> believe that the port forwarding occurs on the external interface
> only. So when you access port 80 on the internal interface it should
> still show only the 675's web server and not forward to whichever
> machine you have port forwarded 80 to.
>
> Another big difference in 2.2.0 is that one also doesn't need to
> specify the outside IP address in the NAT entry - this is
> automatically done since in most cases (even when the ISP assigns you
> a static IP) the address is negotiated during the PPP login. Before
> 2.2.0 you couldn't really do NAT with a dynamically assigned IP
> without reconfiguring the NAT table after your address changed. Now
> it should be seamless.
>
> --
> James Raney
> Please send all mail to this address minus the "spamthis"
> <seumas@spamthismad-seumas.net>