> I have a Qube2 running as our web server behind a Cayman Router (3220H). > > I want to implement the NAT on the Router to act as a firewall. I followed > the instructions listed on the Cayman website on how to allow access to IP > addresses behind the Router when NAT is turned on. The pinhole is set to > TCP the ip address of the Qube and the port 80 (for web access). > > When the NAT is turned on nothing on our LAN is accessible from the outside, > especially the Qube web service. > > The only difference is that NAT is turned on. I'm just curious if there were > any little things I needed to watch out for in order to make this behave > correctly. I've also read the cobalt knowledge resource and i get the > impression that the Qube doesn't even support this. If so, please let me > know that as we can pursue a different solution. If you want your clients to access the siteadmin with their browsers, you will have to open up port 81, since the admin web server uses that one. You migth also have open ports for databases, but you can also do it the secure way: with ssh. In this latter case you need to open port 22 to allow ssh to get through. In general you can see in the /etc/services file which service runs on which port, and decide if you want to allow it through your firewall. You will have to inspect carefully all CGI scripts made by your clients, the best firewall is useless if you are compromised from the inside...
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature