As I understand NAT, it allows a LAN to access an external network from a single point of access/IP. (I apologise if someone uses 125.126.127.190, it was just a random IP I thought of.) Each outgoing IP on the network is translated into an IP and portnum and creates a connection. When an external IP tries to get into the network, it requests the IP of the NAT server and a port. The information is then forwarded from that port to an internal IP address and port.

You define what each port on your external IP is related to, i.e. if your external IP is 125.126.127.190 and your mail server is 192.168.0.1 and web is 192.168.0.2 then someone accessing the port 125.126.127.190:80 will be forwarded to 192.168.0.2:80 and someone accessing 125.126.127.90:25 would get 192.168.0.1:25.

This is just a rough example. A NAT server is a basic kind of firewall: anyone accessing port 21 (telnet) on 125.126.127.190 will not be forwarded anywhere. Of course you could pretend to have an IRC server set up on port 6667 but really have it on port 28 on 192.168.0.3, so anyone accessing 125.126.127.190:6667 gets forwarded to 192.168.0.3:28.

So if you have a notes server on 192.168.0.4 (what port does it use to connect? I will use 30) and your Qube at 192.168.0.5 serving http on 80 and pop on 110, and your NAT router dials in as 125.126.127.190 as an external IP, internal IP 192.168.0.8 (but that is not important for my example, only as a gateway):

You would set up your NAT router as a normal NAT router, converting all 192.168.0.0 netmask 255.255.255.0 (class C) to 125.126.127.190/something.

You set your internal network up as usual (for a router) with a gateway of 192.168.0.8.

Then on your NAT server you decide which external ports to provide, in this example 30 (notes?), 80 (HTTP) and 110 (POP).

You set port 30 to be forwarded to port 30 on 192.168.0.4, and ports 80 and 110 to be forwarded to ports 80 and 110 on 192.168.0.5, and drop everything else.

That would basically be it.

For the DNS entry you would give your external IP.

As I said, a NAT server is a basic firewall, only those ports to forward are allowed.

Hope this helps someone.

Gareth

> Date: Thu, 20 Sep 2001 09:31:20 -0400
> From: John Anderson <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [cobalt-security] NAT Question
> Reply-To: [EMAIL PROTECTED]
>
> Hi,
>
> I've got a Qube2 and I was wondering about using NAT.
>
> Here is what I would like to do:
>
> - I run Lotus Notes on a server here that is behind our firewall (the
> Qube acts as our firewall)
> - I would like to have my users be able to get to Notes from outside the
> office, without moving the box outside the firewall.
>
> Now forgetting a minute about the whys and hows of dealing with Notes, I
> was curious about the procedure to set up NAT.
>
> I've got a few questions:
> - would I assign another IP for this situation?
> - could I just use the same IP it's got now, and use a different port
> number?
> - could I add a dns entry so I have something like notes.ceeva.com and
> that sends the packet to the qube, which translates it to the internal
> server?
>
> If someone could point me to a good FAQ or HOWTO I would appreciate it.
>
> Thanks in advance.
>
>
> --John
>
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
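The forwarding setup described in the reply above, as an added example that is not part of the original message or of the Qube's own configuration: a shell function that prints an `iptables-restore` ruleset for the three forwards (30, 80, 110) with everything else dropped. It assumes a Linux gateway using iptables; the interface names `ppp0` and `eth0` are assumptions, and the addresses and ports are the ones used in the message.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for the forwards in the
# message. Apply on the gateway with:  nat_ruleset | iptables-restore
# (routing must also be enabled: sysctl -w net.ipv4.ip_forward=1)
EXT_IF="${EXT_IF:-ppp0}"   # assumption: dial-up interface with the external IP
LAN_IF="${LAN_IF:-eth0}"   # assumption: interface on the 192.168.0.0/24 LAN
LAN_NET="192.168.0.0/24"

# "external_port internal_ip internal_port", taken from the message.
FORWARDS="30 192.168.0.4 30
80 192.168.0.5 80
110 192.168.0.5 110"

nat_ruleset() {
    printf '%s\n' "*nat" ":PREROUTING ACCEPT [0:0]" ":POSTROUTING ACCEPT [0:0]"
    printf '%s\n' "$FORWARDS" | while read -r ext ip int; do
        # Inbound: rewrite external_ip:ext to the internal server.
        echo "-A PREROUTING -i $EXT_IF -p tcp --dport $ext -j DNAT --to-destination $ip:$int"
    done
    # Outbound: LAN hosts share the single external address.
    echo "-A POSTROUTING -s $LAN_NET -o $EXT_IF -j MASQUERADE"
    echo "COMMIT"

    printf '%s\n' "*filter" ":INPUT DROP [0:0]" ":FORWARD DROP [0:0]" ":OUTPUT ACCEPT [0:0]"
    # The gateway itself: loopback, LAN hosts, and replies only.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -i $LAN_IF -s $LAN_NET -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Routed traffic: replies, LAN hosts going out, and the listed forwards.
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -j ACCEPT"
    printf '%s\n' "$FORWARDS" | while read -r ext ip int; do
        # FORWARD runs after DNAT, so match the internal address and port.
        echo "-A FORWARD -i $EXT_IF -o $LAN_IF -p tcp -d $ip --dport $int -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}
```

Because the filter rules match the translated destination, a remapped forward such as the message's 6667 to 192.168.0.3:28 needs `--dport 28` in FORWARD, which the function derives from the same table entry.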
