[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Using Qube behind Cayman Router
- Subject: RE: [cobalt-users] Using Qube behind Cayman Router
- From: "Jeff Newman" <mjeffn@xxxxxxxx>
- Date: Wed Apr 5 14:56:25 2000
I checked their web site and reviewed the manual, the pin hole is what is
reffered to as port forwarding or static NAT.
I'm guessing that you are trying to go from the router to the primary
interface and from the secondary interface to the lan. I imagine that your
intent is to be able to forward port 25 etc. to the routers ip address and
filter any packets to/from the trusted lan on the secondary interface. I
don't think that this will work the way you appear to be doing it. Here are
some alternatives.
If you only have one real ip and it has to be the router your only choice
(without purchasing something) is to assign a trusted lan ip address to the
primary and put the cube on the same network as your lan. This means not
using the secondary interface and not filtering packets for the trusted lan.
Use pinhole to forward only those ports necessary. Not very secure.
If you have two (or more) real IP's then assign one to the router and one to
the cube. Do not use the pin hole or NAT feature of the router. Assign the
secondary interface of the cube an address from your trusted lan's address
space. Configure the cube to use NAT and the firewall. This will be as
secure as you can make it with what you've got.
Of course the third choice is to purchase a real firewall such as the
Watchguard Firebox II, or the Sonicwall DMZ or Pro.
If I am 'off' on how you have laid out your network or on the IP address
details give me some more information. I know that we will get this licked.
Jeff N
> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Antony Chang
> Sent: Wednesday, April 05, 2000 2:25 PM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: RE: [cobalt-users] Using Qube behind Cayman Router
>
>
> The pinhole is similar used for port forwarding i guess.
> I assume it's a static NAT. Pinholes are supposed to allow
> you to forward
> outside traffic to a specific ip address on the LAN with a
> specific port
> number.
> Our lan addresses are real.
> Primary interface ip address is real.
> It's not the same address space. The WAN IP is on a
> different address space
> from the LAN IP. (are you referring to the first two numbers of the IP
> address? the LAN and WAN ones are different. WAN being what
> people see as
> the IP address of our router from the outside.)
> The Qube is on the same wire behind the router.
>
>
> >I don't know the cayman router and am not familiar with the
> term pinhole.
> >Does pinhole refer to port forwarding (aka static NAT)?
>
> >Are your lan addresses real or are they non-routable?
> >Is the primary interface of your cube a real address or nonroutable?
> >Do the Cube and your lan use the same address space?
> >Are they both behind the router on the same wire?
>
> >With this information I think that I can at least get you on
> the right
> >track, if not determine the problem outright.
>
> >Jeff N
>
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>