router setup nat

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):

From - Fri Jun 16 07:32:21 2000
Path: news.randori.com!korova.insync.net!news.maxwell.syr.edu!news.he.net!sn-xit-03!supernews.com!sn-inject-01!corp.supernews.com!not-for-mail
From: Jeff Liebermann <jeffl@comix.santa-cruz.ca.us>
Newsgroups: comp.unix.sco.misc
Subject: Re: network setup advice sought
Date: Thu, 15 Jun 2000 00:34:37 -0700
Organization: Committee To Maintain an Independent Xenix
Lines: 82
Message-ID: <otvgkskr55l8nmkpcgr03cp812ks3guurb@4ax.com> 
References: <80q15.8247$yA5.563751@bgtnsc05-news.ops.worldnet.att.net> <pmncks8kot69nctru8g9h75jnve6421a82@4ax.com> <8i9dbr$uja$1@slb1.atl.mindspring.net> 
Reply-To: jeffl@comix.santa-cruz.ca.us
X-Complaints-To: newsabuse@supernews.com
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Xref: news.randori.com comp.unix.sco.misc:61761
X-Mozilla-Status: 8010
X-Mozilla-Status2: 00000000

On Wed, 14 Jun 2000 21:52:53 -0400, "Doug Satterfield"
<doug@satterfieldusa.com> wrote:

>A couple of questions concerning this network, I am looking into this same
>setup for a customer.

In reality, no two network setups are exactly the same.  

>If  the Tele Co. installs a router can I still use ipnat and ipfilter for
>the access and firewall?

The telephone company does not install a router.  They install an ISDN
line, DS0, ADSL, SDSL, T1, etc line.  That's 2 or 4 wires and not much
else.  In some cases, they supply an xDSL "modem".  You supply the
router and sometimes the modem or CSU/DSU.

Routers come in a wide variety of configurations.  However, they all
have a common characteristic.  They control packets between the WAN
(wide area network) side, and the LAN (local area network) side of the
router.  The router inspects the IP headers and decides who shall
pass, who shall be NAT translated, who shall be dropped, and sometimes
sniff the payload.

If the router has a built in firewall, you don't need IPfilters.  If
the router does NAT, you don't need IPNAT.  If your router has
neither, then both will need to be provided on the OSR5 box.  In this
case, a 2nd NIC card will need to be installed on the OSR5 box.  As
you may notice, the exact topology depends largely on the model of
router.

Whatever you do, don't do NAT on both the first router and the OSR5
box.

>If I install a 2nd NIC in the SCO server,  can I use a DHCP client for 1 NIC
>and static for the other, and omit the router and use ipnat and ipfilter?

I don't understand the question.  Adding the 2nd NIC to the OSR5 box
turns the OSR5 box into a router with WAN and LAN sides.  Where the IP
addresses come from make no difference.  IPNat and IPFilters are part
of TLS711, while DHCP client is TLS709.  Different packages.  If your
ISP delivers its addresses via DHCP, then the first router will need
to be running DHCP to get an IP address.  If what you call a router is
actually an xDSL modem, that requires no IP address to operate, then
the DHCP client can be running on the OSR5 box.  The 2nd NIC should be
static as this will be the default gateway for your internal LAN and
should not change.

>How does one telnet into the server thru the net?

If NAT is running on the first router, then you need to punch a hole
in the firewall.  Assuming you have NAT running, you need to
translate:
        WAN_IP_address:23  --->  OSR5_box_LAN_IP_address:23
Port 23 is the telnet port.  Everything that goes to port 23(telnet)
from the WAN (internet) goes to the OSR5 box on port 23.

If the first router is actually a modem (no NAT) and you're running
NAT on the OSR5 box, then just telnet to the server IP.  However, I
would recommend using secure shell (SSH).

>Does the site have to
>have a static IP and use the router had to support NAT on the router?

No.  NAT will work just fine with a dynamic IP on the WAN end.  The
problem is that you can't easily run mail, web, or ftp servers or use
a domain name without a fixed IP addresses and fulltime connection.
There are some ways for dealing with moving target IP's and domain
names.
        http://www.dyndns.com
I've used them with Linux, but not OSR5.  Another potential problem is
PPPoE, the new dynamic IP protocol from hell.  No OSR5 support at this
time.

Next time, how about a clue as to what you're trying to accomplish and
what you have to work with?


-- 
Jeff Liebermann   jeffl@comix.santa-cruz.ca.us
150 Felker St #D  Santa Cruz CA  95060
831-421-6491 pager   831-429-1240 fax
http://www.cruzio.com/~jeffl/sco/   SCO stuff

Macworld Digital Photography Superguide

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.