network gateway with a foreign IP address

max maximilianbianco at gmail.com
Sat Apr 12 15:20:39 UTC 2008


max wrote:
> Claude Jones wrote:
>> On Sat April 12 2008, John Cornelius wrote:
>>> I gather that it's simply a case of you moving from direct connection to
>>> the Internet to a connection that's behind your Cisco router. I further
>>> presume that the (nominal) 70.x.x.120 address belongs to the Cisco. In
>>> that case you probably don't want to do what you propose.
>>>
>>
>> Thanks for your thoughts, and yes, your surmising is correct
>>
>>> Your box should be set up on the internal LAN subnet in the normal way.
>>> All of the interesting configuration should be done on the Cisco router
>>> by setting up source and destination NAT so that internet traffic on
>>> specific ports addressed to the Cisco are routed to your box and
>>> responses are automatically routed back through the Cisco to their
>>> destination.
>>>
>>
>> I viscerally believe you're correct, here - else why is this the way 
>> this is universally done, but I sure could use some better technically 
>> grounded expertise in the whys and wherefores
>>
>>> Trying to deal with this issue from inside the LAN rather than in the
>>> router will most likely lead to frustration since whatever you do will
>>> be fragile and probably break often if it works at all.
>>
>> This is where I need better argumentation...if you can help, it would 
>> be appreciated. Specific examples of why it's a bad idea, security 
>> problems that could occur, other issues...unfortunately, this 
>> configuration has been handed to me, it's not my idea, so I need to 
>> understand what's wrong with it and be able to offer sound arguments 
>> for the more conventional approach, if there is a really sound 
>> technical reason for not doing it this way.
>> I'm also dealing with the fact that another Linux box, a mail server, 
>> has been moved on to this new FIOS lan and configured using the hack 
>> that I cited in my original post, and is working quite nicely - 
>> unfortunately, I don't clearly understand how to implement that hack 
>> on Fedora, but, I'm getting the "if Jack could do this with his Debian 
>> box, why can't you with your Fedora?"....
>>
> I saw a video once, world's most unbelievable videos or some such, of a 
> guy whose chute failed to open. The camera tracked all the way down, 
> this guy jumped right up and started running around shouting "I'm alive". 
> Lucky bastard. Soft marshy ground saved his ass. Most people who have 
> a chute that fails to open don't usually survive. That's in case you 
> can't make a technical argument or more likely even if you can it sounds 
> like it will fail because the other people are already convinced it 
> should work out ok. Personally I can't make the technical argument 
> against....yet but it sure doesn't sound right. I have worked to a very 
> limited degree with Cisco routers but you can do a lot of config in there 
> and as others have pointed out the box on LAN should be oblivious to 
> what the router does anyway.
> 
> Good Luck,
> 
> Max
Couldn't follow the original posted link either, hopefully it will pull 
up later so I can see what the hell it says.

Max



