Cheers, Jeff -----Original Message----- From: cobalt-security-admin@xxxxxxxxxxxxxxx [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Brian Fairchild Sent: Thursday, March 16, 2000 10:29 AM To: 'cobalt-security@xxxxxxxxxxxxxxx' Subject: [cobalt-security] static nat routing... Hello, We just installed a qube in a client's network. They have a server that they want to keep behind the qube but give public access to it. Does anyone know how to set up a static route from a public address to a private one behind the nat server (the Qube)? Regards, Brian e-companies ------=_NextPart_000_0014_01BF8F39.00A53C80 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <TITLE>static nat routing...</TITLE> <META content=3D"MSHTML 5.00.2722.2800" name=3DGENERATOR></HEAD> <BODY> <DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN = class=3D580260617-16032000>What=20 you are looking to do is generally referred to as static NAT or port=20 forwarding. The Cube 2 uses the older ipfwadm as the = firewall. I'm=20 not sure whether ipfw has the static NAT capability or not. The = newer=20 ipchains does. If ipfwadm can do it, you would have to manually = modify the=20 scripts which would most likely conflict with the GUI and possibility = break=20 it</SPAN></FONT><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20 class=3D580260617-16032000>.</SPAN></FONT></DIV> <DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20 class=3D580260617-16032000></SPAN></FONT> </DIV> <DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN = class=3D580260617-16032000>From a=20 security point of view, doing this is something that you should advise = your=20 client agains. The Cube 2 firewall is not a complete firewall, nor = is the=20 Linux kernel hardened. I have been advising two clients to = purchase one of=20 two products, the Sonicwall DMZ (at a minimum) and preferrably the = Watchguard II=20 LSS. It really depends on the situation = though.</SPAN></FONT></DIV> <DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20 class=3D580260617-16032000></SPAN></FONT> </DIV> <DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20 class=3D580260617-16032000>Cheers,</SPAN></FONT></DIV> <DIV><FONT color=3D#0000ff face=3DArial size=3D2><SPAN=20 class=3D580260617-16032000>Jeff</SPAN></FONT></DIV> <BLOCKQUOTE style=3D"MARGIN-RIGHT: 0px"> <DIV class=3DOutlookMessageHeader><FONT face=3D"Times New Roman"=20 size=3D2>-----Original Message-----<BR><B>From:</B>=20 cobalt-security-admin@xxxxxxxxxxxxxxx=20 [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]<B>On Behalf Of</B> = Brian=20 Fairchild<BR><B>Sent:</B> Thursday, March 16, 2000 10:29 = AM<BR><B>To:</B>=20 'cobalt-security@xxxxxxxxxxxxxxx'<BR><B>Subject:</B> [cobalt-security] = static=20 nat routing...<BR><BR></DIV></FONT> <P><FONT face=3DArial size=3D2>Hello,</FONT> </P> <P><FONT face=3DArial size=3D2>We just installed a qube in a client's = network.=20 They have a server that they want to keep behind the qube but give = public=20 access to it. Does anyone know how to set up a static route from a = public=20 address to a private one behind the nat server (the Qube)?</FONT></P> <P><FONT face=3DArial size=3D2>Regards,<BR>Brian</FONT> <BR><FONT = face=3DArial=20 size=3D2>e-companies</FONT> </P></BLOCKQUOTE></BODY></HTML> ------=_NextPart_000_0014_01BF8F39.00A53C80--
Zeffie's Sun Cobalt User Forums
Zeffie's Sun Cobalt Restore CD's
Zeffie's Sun Cobalt Updates
Sun Cobalt Users List
Sun Cobalt Security List
Sun Cobalt Developers List
Copyright 2007 by Electronic Consultants Inc.