* how to configure a router/firewall with no nat
@ 2007-01-13 17:40 Carlos Rotenberg
2007-01-13 18:34 ` Pascal Hambourg
2007-01-13 21:13 ` Elvir Kuric
0 siblings, 2 replies; 5+ messages in thread
From: Carlos Rotenberg @ 2007-01-13 17:40 UTC (permalink / raw)
To: netfilter
I have to create a Firewall/Router with Iptables to protect our clients, but
I can't do NAT, my clients have to have Public IPs on their servers.
I was trying to figure out how to do that, but I couldn't get any clue.
The provider assigned me a /24 network and gave me a /30 network for the
external network. If someone can help me, I'll appreciate it.
Thank you,
Carlos
Example:
Router Network 200.200.199.0/30
Provider Router Ip address: 200.200.199.1
My Firewall/Router IP address: 200.200.199.2
Clients Network assigned: 200.200.200.0/24
            200.200.199.1/30    FIREWALL
INTERNET ------------------------ ROUTER
            200.200.199.2/30    IPTABLES
                                   |
                                   | 200.200.200.1/28
                                   |------ CLIENT 1 SERVERS
                                   |       200.200.200.0/27
                                   |       Default gateway: 200.200.200.1
                                   |
                                   | 200.200.200.33/28
                                   |------ CLIENT 2 SERVERS
                                   |       200.200.200.32/28
                                   |       Default gateway: 200.200.200.33
                                   |
                                   | 200.200.200.65/27
                                   |------ CLIENT 3 SERVERS
                                   |       200.200.200.64/27
                                   |       Default gateway: 200.200.200.65
                                   |
                                   | 200.200.200.129/25
                                   |------ CLIENT 4 SERVERS
                                           200.200.200.128/25
                                           Default gateway: 200.200.200.129
* Re: how to configure a router/firewall with no nat
From: Pascal Hambourg @ 2007-01-13 18:34 UTC (permalink / raw)
To: netfilter
Hello,
Carlos Rotenberg wrote:
> I have to create a Firewall/Router with Iptables to protect our clients, but
> I can't do NAT, my clients have to have Public IPs on their servers.
Lucky you. :-) NAT is evil.
> I was trying to figure out how to do that, but I couldn't get any clue.
It is exactly the same as a firewall/router with NAT, except that it
has no NAT rules.
- Enable IP forwarding.
- Add filtering rules according to your specifications (what is accepted
from where to where, what is not).
PS : your lines are too long and were wrapped, so your diagram is hard
to read.
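
An added example, not part of the thread: the two steps above (forwarding on, filter rules, no nat table) written as a script that prints an iptables-restore ruleset for the networks listed in the original post. The interface names (eth0 uplink, eth1 to eth4 client segments) and the allowed ports 80 and 443 are assumptions, not values from the thread.

```shell
#!/bin/sh
# Added example: print a filter-only ruleset for a routed firewall (no NAT).
# Assumed interface names (not from the thread): eth0 = uplink, eth1..eth4 = clients.
WAN_IF=eth0
# Client networks as listed in the original post, paired with the assumed interfaces.
CLIENTS="eth1:200.200.200.0/27 eth2:200.200.200.32/28 eth3:200.200.200.64/27 eth4:200.200.200.128/25"
# Assumed policy: only these TCP ports are reachable from the Internet.
PUBLIC_TCP_PORTS="80,443"

r() { printf '%s\n' "$*"; }

gen_rules() {
    r "*filter"
    r ":INPUT DROP [0:0]"
    r ":FORWARD DROP [0:0]"
    r ":OUTPUT ACCEPT [0:0]"
    # Firewall host itself: loopback and replies only (add a management rule before applying remotely).
    r "-A INPUT -i lo -j ACCEPT"
    r "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Anti-spoofing: a client segment may only send from its own prefix,
    # and the uplink must never deliver packets claiming a client source.
    for c in $CLIENTS; do
        ifc=${c%%:*}; net=${c#*:}
        r "-A FORWARD -i $ifc ! -s $net -j DROP"
        r "-A FORWARD -i $WAN_IF -s $net -j DROP"
    done
    # Replies to connections already accepted below; drop untrackable packets.
    r "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    r "-A FORWARD -m conntrack --ctstate INVALID -j DROP"
    # New connections: clients out to the Internet, Internet in on the allowed ports.
    # Client-to-client traffic matches nothing here and falls to the DROP policy.
    for c in $CLIENTS; do
        ifc=${c%%:*}; net=${c#*:}
        r "-A FORWARD -i $ifc -o $WAN_IF -s $net -m conntrack --ctstate NEW -j ACCEPT"
        r "-A FORWARD -i $WAN_IF -o $ifc -d $net -p tcp -m multiport --dports $PUBLIC_TCP_PORTS -m conntrack --ctstate NEW -j ACCEPT"
    done
    r "COMMIT"
}

# To apply as root: sysctl -w net.ipv4.ip_forward=1 && gen_rules | iptables-restore
# Run as-is, the script only prints the ruleset for review.
gen_rules
```

Packets keep their public source and destination addresses end to end; the provider's router needs a route for 200.200.200.0/24 via 200.200.199.2 for return traffic to arrive.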
* Re: how to configure a router/firewall with no nat
From: Elvir Kuric @ 2007-01-13 21:13 UTC (permalink / raw)
To: Carlos Rotenberg, netfilter
Hi,
I really do not understand why you want to avoid nat?
You probably know that it is possible to route ( nat :) )
traffic to servers located inside internal network,
and users should not know that, and on specific
access points ( I mean public ip addresses ) you can
accept all traffic to your servers ( which are inside
safety of internal network )
Regards
Elvir Kuric
* Re: how to configure a router/firewall with no nat
From: Pascal Hambourg @ 2007-01-13 21:48 UTC (permalink / raw)
To: netfilter
Elvir Kuric wrote:
>
> I really do not understand why you want to avoid nat?
I really do not understand why one would use NAT when they do not have
to. NAT is a necessary evil, and when it is not necessary, it is just
evil. NAT does not provide security, or only through obscurity.
* Re: how to configure a router/firewall with no nat
From: Grant Taylor @ 2007-01-15 4:27 UTC (permalink / raw)
To: Mail List - Netfilter
On 01/13/07 15:48, Pascal Hambourg wrote:
> I really do not understand why one would use NAT when they do not have
> to. NAT is a necessary evil, and when it is not necessary, it is just
> evil. NAT does not provide security, or only through obscurity.
I believe it is the obscurity that some people seek when using NAT. The
only other reason (at the moment) I can think of for wanting to NAT
inbound traffic is so that the advertised IP address can serve multiple
resources, even if one machine can not. I.e. direct HTTP to the web
server(s), SMTP to the exchange servers or the sendmail server, or VPN
traffic to an internal VPN concentrator, etc. This allows a company to
minimize the number of IPs that are directly accessible on the net.
Grant. . . .