[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
Cheers,
Jeff
-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Brian Fairchild
Sent: Thursday, March 16, 2000 10:29 AM
To: 'cobalt-security@xxxxxxxxxxxxxxx'
Subject: [cobalt-security] static nat routing...
Hello,
We just installed a qube in a client's network. They have a server that
they want to keep behind the qube but give public access to it. Does anyone
know how to set up a static route from a public address to a private one
behind the nat server (the Qube)?
Regards,
Brian
e-companies
------=_NextPart_000_0014_01BF8F39.00A53C80
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<TITLE>static nat routing...</TITLE>
<META content=3D"MSHTML 5.00.2722.2800" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D580260617-16032000>What=20
you are looking to do is generally referred to as static NAT or port=20
forwarding. The Cube 2 uses the older ipfwadm as the =
firewall. I'm=20
not sure whether ipfw has the static NAT capability or not. The =
newer=20
ipchains does. If ipfwadm can do it, you would have to manually =
modify the=20
scripts which would most likely conflict with the GUI and possibility =
break=20
it</SPAN></FONT><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D580260617-16032000>.</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D580260617-16032000></SPAN></FONT> </DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN =
class=3D580260617-16032000>From a=20
security point of view, doing this is something that you should advise =
your=20
client agains. The Cube 2 firewall is not a complete firewall, nor =
is the=20
Linux kernel hardened. I have been advising two clients to =
purchase one of=20
two products, the Sonicwall DMZ (at a minimum) and preferrably the =
Watchguard II=20
LSS. It really depends on the situation =
though.</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D580260617-16032000></SPAN></FONT> </DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D580260617-16032000>Cheers,</SPAN></FONT></DIV>
<DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20
class=3D580260617-16032000>Jeff</SPAN></FONT></DIV>
<BLOCKQUOTE style=3D"MARGIN-RIGHT: 0px">
<DIV class=3DOutlookMessageHeader><FONT face=3D"Times New Roman"=20
size=3D2>-----Original Message-----<BR><B>From:</B>=20
cobalt-security-admin@xxxxxxxxxxxxxxx=20
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]<B>On Behalf Of</B> =
Brian=20
Fairchild<BR><B>Sent:</B> Thursday, March 16, 2000 10:29 =
AM<BR><B>To:</B>=20
'cobalt-security@xxxxxxxxxxxxxxx'<BR><B>Subject:</B> [cobalt-security] =
static=20
nat routing...<BR><BR></DIV></FONT>
<P><FONT face=3DArial size=3D2>Hello,</FONT> </P>
<P><FONT face=3DArial size=3D2>We just installed a qube in a client's =
network.=20
They have a server that they want to keep behind the qube but give =
public=20
access to it. Does anyone know how to set up a static route from a =
public=20
address to a private one behind the nat server (the Qube)?</FONT></P>
<P><FONT face=3DArial size=3D2>Regards,<BR>Brian</FONT> <BR><FONT =
face=3DArial=20
size=3D2>e-companies</FONT> </P></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0014_01BF8F39.00A53C80--