On Wednesday, January 21, 2004, at 06:16 PM, Scott Rossi wrote:


> Can some kind soul enlighten me as to what I'm doing wrong?

Sure!


Only, I'm not clear on your setup.

Is it this?

A.
Internet ------ Firewall -----------------------------Client
                                   |
                               Server

Or this?

B.
Client -------- Internet ---------- Firewall ---------Server


Or this?


C.
Client ---- Firewall ----- Internet ----- Firewall ----Server

If it is A, your firewall (as firewall) should not be a problem. Just point to the private address.

If B or C, the client will need to point to the public address of that server for that service.

The firewall will use NAT (network address translation) to translate addresses (and ports).

One form is sometimes called masquerade; it represents to the Internet all private addresses behind the firewall as (typically) one address, and ports are shuffled about to accommodate collisions. This almost always applies to clients behind the firewall.

Servers are handled a couple ways. One is a fixed NAT in which a public address is assigned to the whole port space of a computer. An address on the outside is mapped directly to a private address. Another method is to assign a port on the public side of the server to a port on the private computer. This keeps the public addresses down.

If the server is behind a firewall, it will normally be handled one of those two ways. The simple SOHO routers usually make it easier for the latter. This works well for an environment that uses masquerade, even for a computer supplying a service. Because of the kinds of things I do for customers, I usually have the first.

At my lab, I mix all of the above methods.

So, depending on the situation, you may have to fiddle with the router.

Dar Scott




_______________________________________________ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
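
The three translation styles described in the message above (masquerade, fixed NAT, and a per-port mapping), as an added Python sketch that is not part of the original post or any router's code. The `Nat` class, addresses, and ports are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    """Toy model of the translation styles in the message (constructed, simplified)."""
    public_ip: str
    static: dict = field(default_factory=dict)    # fixed NAT: public IP -> private IP
    forwards: dict = field(default_factory=dict)  # public port -> (private IP, port)
    masq: dict = field(default_factory=dict)      # learned from outbound traffic only

    def outbound(self, src_ip, src_port):
        """Return the (address, port) the Internet sees for a private source."""
        for pub_ip, priv_ip in self.static.items():
            if priv_ip == src_ip:
                return pub_ip, src_port           # fixed NAT keeps the port as-is
        port = src_port
        # Masquerade: on a collision with another flow or a forward, shuffle the port.
        # (Simplified: no timeouts, no wrap at 65535, remote endpoint not tracked.)
        while port in self.forwards or self.masq.get(port, (src_ip, src_port)) != (src_ip, src_port):
            port += 1
        self.masq[port] = (src_ip, src_port)
        return self.public_ip, port

    def inbound(self, dst_ip, dst_port):
        """Return the private (address, port) a packet reaches, or None if dropped."""
        if dst_ip in self.static:
            return self.static[dst_ip], dst_port  # whole port space is reachable
        if dst_ip != self.public_ip:
            return None
        return self.forwards.get(dst_port) or self.masq.get(dst_port)

def demo():
    # Constructed addresses: 203.0.113.0/24 is a documentation range.
    nat = Nat("203.0.113.1",
              static={"203.0.113.2": "10.0.0.5"},
              forwards={8080: ("10.0.0.6", 80)})
    return {
        "client_a": nat.outbound("10.0.0.10", 40000),
        "client_b": nat.outbound("10.0.0.11", 40000),   # same source port: shuffled
        "reply_b": nat.inbound("203.0.113.1", 40001),
        "forwarded": nat.inbound("203.0.113.1", 8080),
        "unmapped": nat.inbound("203.0.113.1", 22),      # no mapping: dropped
        "static_any_port": nat.inbound("203.0.113.2", 22),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16} -> {result}")
```

The last two results show the trade-off between the two server methods: the per-port mapping exposes only the chosen service, while the fixed NAT passes every port through to the private machine, so any filtering has to be done by separate firewall rules.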