Re: [Discuss] web server can't see out but others can see in

2012-09-28 Thread Tom Metro
Rich Pieri wrote: 1:1 NAT maps a single internal IP address to a single external IP address. With a VirtualBox guest the guest's network interface is also the host's network interface. Using 1:1 NAT in this environment means exposing the host's interface to public network traffic. VMs have

Re: [Discuss] web server can't see out but others can see in

2012-09-28 Thread Eric Chadbourne
On Fri, Sep 28, 2012 at 4:03 PM, Tom Metro tmetro+...@gmail.com wrote: Rich Pieri wrote: 1:1 NAT maps a single internal IP address to a single external IP address. With a VirtualBox guest the guest's network interface is also the host's network interface. Using 1:1 NAT in this environment

Re: [Discuss] web server can't see out but others can see in

2012-09-28 Thread Rich Pieri
On Fri, 28 Sep 2012 16:03:36 -0400 Tom Metro tmetro+...@gmail.com wrote: VMs have networking options that let you choose between bridged and NAT connections between the host and guest. One thing Eric should clarify is whether the NAT setup is something set in an external firewall appliance, or

Re: [Discuss] web server can't see out but others can see in

2012-09-27 Thread Edward Ned Harvey (blu)
From: Derek Martin [mailto:inva...@pizzashack.org] You can't attack a service that isn't there, or can't hear you. Why do we care about having a firewall at all? Why don't we just shut off services that aren't necessary? To offer some protection against situations where you didn't intend

Re: [Discuss] web server can't see out but others can see in

2012-09-27 Thread Edward Ned Harvey (blu)
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss- bounces+blu=nedharvey@blu.org] On Behalf Of Eric Chadbourne eric@webserver1:~$ ping google.com ping: unknown host google.com That's a pretty conclusive dns failure... eric@webserver1:~$ ping 173.194.43.38 PING

Re: [Discuss] web server can't see out but others can see in

2012-09-27 Thread Edward Ned Harvey (blu)
From: Edward Ned Harvey (blu) Still, I think it's safe to conclude that your firewall is blocking both outbound ICMP and DNS. A good test is like this: ping 8.8.8.8 If it fails, you can conclude either ICMP is being blocked, or there's no route to host, or no return route. nslookup

Re: [Discuss] web server can't see out but others can see in

2012-09-27 Thread Eric Chadbourne
Sorry for the top post but it just seems easier at the moment. I will resolve this issue today come hell or high water. Thanks for the excellent advice all. That's why I love BLU. - Eric damn dns! On Thu, Sep 27, 2012 at 2:17 PM, Edward Ned Harvey (blu) b...@nedharvey.com wrote: From:

Re: [Discuss] web server can't see out but others can see in

2012-09-27 Thread Derek Martin
On Wed, Sep 26, 2012 at 11:55:37PM -0400, Eric Chadbourne wrote: Hopefully this will provide some clues. Note that I currently have the server set up as one to one nat. I've tried a bunch of other configurations but this one appears to function as desired. The server has ufw enabled to

Re: [Discuss] web server can't see out but others can see in

2012-09-27 Thread Derek Martin
On Thu, Sep 27, 2012 at 12:03:58AM -0400, Chuck Anderson wrote: On Wed, Sep 26, 2012 at 11:55:37PM -0400, Eric Chadbourne wrote: Hopefully this will provide some clues. Note that I currently have the server set up as one to one nat. I've tried a bunch of other configurations but this one

Re: [Discuss] web server can't see out but others can see in

2012-09-27 Thread Derek Martin
On Thu, Sep 27, 2012 at 04:51:37PM -0500, Derek Martin wrote: eric@webserver1:~$ ping 173.194.43.38 PING 173.194.43.38 (173.194.43.38) 56(84) bytes of data. hangs forever here Ping is a bad test. By which I mean it is a good test, until it fails (which is why I suggested it originally,

Re: [Discuss] web server can't see out but others can see in

2012-09-27 Thread Derek Martin
On Thu, Sep 27, 2012 at 06:09:02PM +, Edward Ned Harvey (blu) wrote: From: Derek Martin [mailto:inva...@pizzashack.org] You can't attack a service that isn't there, or can't hear you. Why do we care about having a firewall at all? Why don't we just shut off services that aren't

Re: [Discuss] web server can't see out but others can see in

2012-09-27 Thread Derek Martin
On Thu, Sep 27, 2012 at 06:09:02PM +, Edward Ned Harvey (blu) wrote: Why do we care about having a firewall at all? Besides, in many cases, the REAL answer to this question is ...to satisfy management that we're doing something useful about our data security. =8^) -- Derek D. Martin

Re: [Discuss] web server can't see out but others can see in

2012-09-27 Thread Rich Pieri
On Thu, 27 Sep 2012 16:52:20 -0500 Derek Martin inva...@pizzashack.org wrote: You've been told by multiple people that one-to-one NAT is not going to work correctly. It will work just fine, if it's set up properly. I say that 1:1 NAT can't be set up properly in the environment described.

Re: [Discuss] web server can't see out but others can see in

2012-09-26 Thread Edward Ned Harvey (blu)
From: discuss-bounces+blu=nedharvey@blu.org [mailto:discuss- bounces+blu=nedharvey@blu.org] On Behalf Of Eric Chadbourne I did the following: 1. I gave the server a static ip in virtualbox and on the router. I'm just going to assume you know what you're talking about - because the

Re: [Discuss] web server can't see out but others can see in

2012-09-26 Thread Edward Ned Harvey (blu)
From: Edward Ned Harvey (blu) Second, don't enable one-to-one NAT. 1-to-1 NAT means every packet destined for some external IP address will be NAT'd to some internal IP address. This is how you effectively put an internal machine outside the firewall. The only difference between 1-to-1 NAT,

Re: [Discuss] web server can't see out but others can see in

2012-09-26 Thread Derek Martin
On Wed, Sep 26, 2012 at 11:23:37AM +, Edward Ned Harvey (blu) wrote: From: Edward Ned Harvey (blu) Second, don't enable one-to-one NAT. 1-to-1 NAT means every packet destined for some external IP address will be NAT'd to some internal IP address. This is how you effectively put an

Re: [Discuss] web server can't see out but others can see in

2012-09-26 Thread Rich Pieri
On Wed, 26 Sep 2012 14:10:20 -0500 Derek Martin inva...@pizzashack.org wrote: Agreed... though if the web server is the only service that's listening to external connections, or all the other listening services are blocked off by a firewall, again there's not much difference in risk, with the

Re: [Discuss] web server can't see out but others can see in

2012-09-26 Thread Eric Chadbourne
On Tue, Sep 25, 2012 at 5:49 PM, John Abreau j...@blu.org wrote: My first reaction would be to check if the vm's resolv.conf is correct. If outside machines can successfully retrieve web pages from the vm, then routing seems to be fine. Try pinging by ip address instead of by name: instead of

Re: [Discuss] web server can't see out but others can see in

2012-09-26 Thread Chuck Anderson
On Wed, Sep 26, 2012 at 11:55:37PM -0400, Eric Chadbourne wrote: Hopefully this will provide some clues. Note that I currently have the server set up as one to one nat. I've tried a bunch of other configurations but this one appears to function as desired. The server has ufw enabled to

[Discuss] web server can't see out but others can see in

2012-09-25 Thread Eric Chadbourne
Hi All, I have an odd problem. I have an Ubuntu web server in VirtualBox. We're sitting behind a small business Cisco router. I did the following: 1. I gave the server a static IP in VirtualBox and on the router. 2. Opened port 80 on the Cisco device. Any source and any IP to static IP.

Re: [Discuss] web server can't see out but others can see in

2012-09-25 Thread Rich Pieri
On Tue, 25 Sep 2012 17:05:08 -0400 Eric Chadbourne e...@aaca-boston.org wrote: My web server is visible from the world and is visible on our lan. Oddly my server cannot see out. For example: You probably don't want one-to-one NAT. A simple port forward for port 80 on the firewall to port 80