
Re: FireHOL Question



On 23 Sep 2004, Mike Mestnik wrote:
> --- Daniel Pittman <daniel@rimspace.net> wrote:

[...]

>> Just a quick question: are you sure you don't want to give those LAN
>> machines a public IP address, and use standard IP forwarding?
>>
>> Others have suggested, of course, the use of the 'dnat' function with
>> firehol to perform the address transformation.  
>>
>> Also, note that using NAT means that accessing those public addresses
>> within the LAN will not work without significant and annoying work on
>> your part.
>
> Documented here:
> http://wiki.debian.net/index.cgi?Firewalls-dnat-redirect
>
> Now that I think of it, there are some of the same problems with using
> external IPs on an internal network. Though the default setup is working,
> ok, and valid.

Exactly which of the same problems do you see with using external IP
addresses on the internal network?

You see, as long as NAT is not involved, this is the way the Internet
has worked since the introduction of IP, so whatever issues you think
you see are ... difficult to imagine.


If there is some description of the problem you see on that page in the
wiki, I cannot locate it.

I have, however, started to rewrite it to make it easier to find actual
information in there.


So, if you could spell out which problems you imagine would be
encountered by not using NAT, that would be great.

Regards,
       Daniel
-- 
The length of a film should be directly related to the endurance of 
the human bladder.
        -- Alfred Hitchcock


