<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: RE: NAT... misunderstanding
From: Daniel Gibbs <d.gibbs,AT,online-bills,DOT,com>
Date: Wed, 2 Oct 2002 11:10:20 +0200
Title: RE: NAT... misunderstanding


<SPAN 
class=403345408-02102002>OK..
<SPAN 
class=403345408-02102002>?
NAT 
works? (basicly) this way.
<SPAN 
class=403345408-02102002>?
<SPAN 
class=403345408-02102002>Incoming requests are rejected unless the incoming 
stream is related or there is a map(forwarding) from either the origination 
ip 
and/or port. 
<SPAN 
class=403345408-02102002>However there can be problems:
eg FTP 
- the NAT router needs to know how to handle this.
<SPAN 
class=403345408-02102002>?
What I 
have on my set up is
<SPAN 
class=403345408-02102002>?
<SPAN 
class=403345408-02102002>Win2k/cipe -> Nat Router --Inet -- Linux 
firewall/cipe
<SPAN 
class=403345408-02102002>?
On my 
nat router I have the required ports forwarded to the win2k box for 
cipe.
<SPAN 
class=403345408-02102002>?
I had 
fun when trying t o set up cipe on the linix box because it uses 3 (or 4) 
real 
ip's.
I 
wanted to use one of the lesser used ones but forgot about the natting rules 
which put the box on a diffrent ip than the one I was trying to 
use.
<SPAN 
class=403345408-02102002>?
<SPAN 
class=403345408-02102002>Anyways, you may need to forward ports from your nat 
box to your client box (as I have had to do).
<SPAN 
class=403345408-02102002>?
<SPAN 
class=403345408-02102002>?
<SPAN 
class=403345408-02102002>dan
<SPAN 
class=403345408-02102002>?

  <FONT face=Tahoma 
  size=2>-----Original Message-----From: Kirill S. Tarashev 
  [mailto:rikoil,AT,iss,DOT,ru: 02 October 2002 09:50 AMTo: 
  Daniel GibbsSubject: RE: NAT... 
  misunderstanding
  As I 
  understand you, I can use CIPE client behind NAT for out going access but 
not 
  for incoming.
  or 
  
  If 
  I'm a client behind NAT, I can initiate connection to server?and it will 
  work, but server cann't initiate connection to me itself.
  Is 
  it correct?
  <FONT face=Arial color=#0000ff 
  size=2>?
  <FONT face=Arial color=#0000ff 
  size=2>Kirill?
  
    <FONT face=Tahoma 
    size=2>-----Original Message-----From: Daniel Gibbs 
    [mailto:d.gibbs,AT,online-bills,DOT,com: Wednesday, October 02, 
    2002 12:25 PMTo: 'Kirill S. Tarashev'Subject: RE: 
    NAT... misunderstanding
    Hi, it can work aslong as the NAT firewall knows what to do 
    with incoming packets. I'm using cipe on w2k behind 
    a Nat router, ok it doent work 100% but that's probbly my config. 

    dan 
    -----Original Message----- From: 
    Kirill S. Tarashev [<A 
    href="mailto:rikoil,AT,iss,DOT,ru";>mailto:rikoil,AT,iss,DOT,ru <FONT 
    size=2>Sent: 02 October 2002 06:55 AM To: 
    cipe-l,AT,inka,DOT,de Subject: NAT... 
    misunderstanding 
    Sorry for stupid question, but probably I don't understand 
    some important things.. 
    in the main page of <A 
    href="http://sites.inka.de/sites/bigred/devel/cipe.html"; 
    target=_blank>http://sites.inka.de/sites/bigred/devel/cipe.html I 
    can fine text "......Special 
    care has been taken to make this work over dynamic addresses, 
    NAT and SOCKS proxies" 
    but in the documentation - cipe-1.5.1.texinfo 
    something like that "Here is in 
    detail how it is possible to build CIPE links between <FONT 
    size=2>different classes of carriers. Those classes are, based on how 
they 
    are able to reach the Internet: <FONT 
    size=2>............. 4. Indirect connection through 
    a NAT (masquerading) router.(NAT, <FONT 
    size=2>masquerading) 
    This produces ten different combinations: <FONT 
    size=2>............. 4-4 Not possible. Neither side 
    gets to know its effective carrier address at <FONT 
    size=2>all 
    question: Whether or not it can work with client behind NAT 
    firewall??? (Server with CIPE has Internet IP, 
    client works through the NAT firewall) 
    Because, I didn't find any link in documentation to this 
    subject.... 
    Thank you 
    -- Message sent by the 
    cipe-l,AT,inka,DOT,de mailing list. Unsubscribe: mail 
    majordomo,AT,inka,DOT,de, "unsubscribe cipe-l" in body <FONT 
    size=2>Other commands available with "help" in body to the same 
    address. CIPE info and list archive: <URL:<A 
    href="http://sites.inka.de/~bigred/devel/cipe.html"; 
    target=_blank>http://sites.inka.de/~bigred/devel/cipe.html> 
    



<< | Thread Index | >> ]    [ << | Date Index | >> ]