network gateway with a foreign IP address
max
maximilianbianco at gmail.com
Sat Apr 12 15:20:39 UTC 2008
max wrote:
> Claude Jones wrote:
>> On Sat April 12 2008, John Cornelius wrote:
>>> I gather that it's simply a case of you moving from direct connection to
>>> the Internet to a connection that's behind your Cisco router. I further
>>> presume that the (nominal) 70.x.x.120 address belongs to the Cisco. In
>>> that case you probably don't want to do what you propose.
>>>
>>
>> Thanks for your thoughts, and yes, your surmising is correct
>>
>>> Your box should be set up on the internal LAN subnet in the normal way.
>>> All of the interesting configuration should be done on the Cisco router
>>> by setting up source and destination NAT so that internet traffic on
>>> specific ports addressed to the Cisco are routed to your box and
>>> responses are automatically routed back through the Cisco to their
>>> destination.
>>>
>>
>> I viscerally believe you're correct, here - else why is this the way
>> this is universally done, but I sure could use some better technically
>> grounded expertise in the whys and wherefores
>>
>>> Trying to deal with this issue from inside the LAN rather than in the
>>> router will most likely lead to frustration since whatever you do will
>>> be fragile and probably break often if it works at all.
>>
>> This is where I need better argumentation...if you can help, it would
>> be appreciated. Specific examples of why it's a bad idea, security
>> problems that could occur, other issues...unfortunately, this
>> configuration has been handed to me, it's not my idea, so I need to
>> understand what's wrong with it and be able to offer sound arguments
>> for the more conventional approach, if there is a really sound
>> technical reason for not doing it this way.
>> I'm also dealing with the fact that another Linux box, a mail server,
>> has been moved on to this new FIOS LAN and configured using the hack
>> that I cited in my original post, and is working quite nicely -
>> unfortunately, I don't clearly understand how to implement that hack
>> on Fedora, but, I'm getting the "if Jack could do this with his Debian
>> box, why can't you with your Fedora?"....
>>
> I saw a video once, world's most unbelievable videos or some such, of a
> guy whose chute failed to open. The camera tracked all the way down,
> this guy jumped right up and started running around shouting "I'm alive".
> Lucky bastard. Soft marshy ground saved his ass. Most people who have
> a chute that fails to open don't usually survive. That's in case you
> can't make a technical argument or more likely even if you can it sounds
> like it will fail because the other people are already convinced it
> should work out ok. Personally I can't make the technical argument
> against....yet but it sure doesn't sound right. I have worked to a very
> limited degree with Cisco routers but you can do a lot of config in there
> and as others have pointed out the box on LAN should be oblivious to
> what the router does anyway.
>
> Good Luck,
>
> Max
Couldn't follow the original posted link either, hopefully it will pull
up later so I can see what the hell it says.
Max