I'm no expert at firewalling, but I have been studying internet security off
and on for the last few years. What in the world will direct translation of
128 IPs to another "hidden" 128 IPs really gain you? From what I can see,
nothing. I would still be able to attack you because an external IP will
guarantee me access to a specific machine on the inside. In addition, once
I broke into one server, I would now have access to the rest unless you do
some heroic lockdown of service on your servers since they are all huddled
together.
Will this private network also have machines that are supposed to be
"invisible" to the net (like personal workstations)? If so, your servers
should be sitting in one or more DMZs to minimize disruption and cross
contamination.
Would it not be simpler to just expose all your machines that you want to
have direct access to the internet (and hide the remainder behind a true,
secure firewall)?
Just a few random thoughts spilling out of my brain,
Matthew Zaleski
----- Original Message -----
From: "Sveinar S�pler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, May 03, 2001 3:27 AM
Subject: [Cooker-firewall] CookFire and NAT
> Is it possible to do nat'ing like this :
>
> I have 128 public IP addresses from my ISP. I want to run several servers++
> and want all my machines to use the public IPs I have from my ISP. Also,
> when I connect out from one of my machines to an external source, like an FTP
> server or IRC server, I want this to be connected "from" my "real" IP, and
> not the firewall IP.
>
> E.g. my "inside" box has IP address 192.168.0.100. My external address should
> then be nat'ed to 193.212.1.100 (masking away 192.168.0 for 193.212.1). The
> next machine, 192.168.0.154, should be 193.212.1.154 and so on.
>
> Is this possible? I have been searching the net for such a solution, but the
> only usable thing I get is "let's say you have one IP...". But I have 128!
>
> I want to be able to connect to 1 IP address for my WEB server, another for
> my FTP server+++, and NOT use "Port mapping" at all, but the "real"
> address.
>
> Could someone help me out? Is this a possibility in CookFire?
>
> Sveinar S�pler
> Servicekoordinator
> Tech Computers
> Tlf : 22896022
> Mail : [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
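
The point raised in the reply, that one-to-one translation by itself restricts nothing, shown as an added example that is not part of either message: a script that prints iptables rules for the 192.168.0.x to 193.212.1.x mapping from the question together with a default-deny forwarding policy. The use of iptables, the interface names and the service table are assumptions made for illustration; none of this is CookFire's own configuration.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules for 1:1 NAT with per-host filtering.
# Assumed, not from the thread: iptables on the gateway, eth0 outside, eth1 inside.
EXT_IF="eth0"
INT_IF="eth1"
INT_NET="192.168.0"     # inside prefix from the question
EXT_NET="193.212.1"     # public prefix from the question

# Constructed sample table: last octet, protocol, published port.
SERVICES="100 tcp 80
154 tcp 21"

# Map an inside address to its public twin by swapping the prefix.
public_for() {
    echo "$EXT_NET.${1##*.}"
}

gen_rules() {
    # Default deny: translation alone lets every port through, this does not.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Inside hosts may open new outbound connections.
    echo "iptables -A FORWARD -i $INT_IF -o $EXT_IF -m state --state NEW -j ACCEPT"
    echo "$SERVICES" | while read -r host proto port; do
        inside="$INT_NET.$host"
        public=$(public_for "$inside")
        # Inbound: the public address is rewritten to the inside host (all ports).
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $public -j DNAT --to-destination $inside"
        # Outbound: the host appears to connect from its own public address.
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $inside -j SNAT --to-source $public"
        # FORWARD sees the translated destination; allow only the published service.
        echo "iptables -A FORWARD -i $EXT_IF -d $inside -p $proto --dport $port -m state --state NEW -j ACCEPT"
    done
}

gen_rules
```

The public addresses must already be routed to the gateway, or answered for by it, before the PREROUTING rules see any traffic.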