Sorry Lonnie yes I didnt think about it obviously but yes a handy plugin. Regards Michael Knill
-----Original Message----- From: Lonnie Abelbeck <li...@lonnie.abelbeck.com> Reply-To: AstLinux List <astlinux-users@lists.sourceforge.net> Date: Saturday, 28 May 2016 at 12:19 AM To: AstLinux List <astlinux-users@lists.sourceforge.net> Subject: Re: [Astlinux-users] NAT Loopback Michael, The NAT Loopback plugin only apples to internal NAT'ed servers where internal clients can access those servers by the public IP rather than the local private IP. Useful for mobile devices that may hop between the public and private side of the network. In the XMPP case it is not NAT'ed since it operates at the network edge (assuming AstLinux is at the edge). AstLinux's XMPP server (Prosody) supports "multihomed" access such that return packets follow the same path they entered, so a device on the private side could use the XMPP public IP (via the DNS SRV record) and it would work. *If* Prosody did not support multihomed access then a different DNS SRV record would be needed on the private side to point to a private IP. Somewhat related, OpenVPN by default does not support multihomed access, but the OpenVPN Server Configuration: -- Raw Commands: multihome -- enables multihome support, which can be useful with mobile devices. Alternatively, different public/private DNS A records could also solve this, but if the mobile device caches the DNS for any period of time this may not work as well as a single public DNS A record with multihome support enabled. Lonnie On May 26, 2016, at 11:34 PM, Michael Knill <michael.kn...@ipcsolutions.com.au> wrote: > Hi group > > I was just looking at the firewall plugins and I noticed NAT Loopback. > I recently set up XMPP for a customer to be used internally and externally. I > set it up using SRV records pointing internal and external which was a good > learning experience but could have I just turned on NAT Loopback and point > everything to the External Address? Any disadvantages with this? > > Regards > Michael Knill ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org. ------------------------------------------------------------------------------ What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic patterns at an interface-level. Reveals which users, apps, and protocols are consuming the most bandwidth. Provides multi-vendor support for NetFlow, J-Flow, sFlow and other flows. Make informed decisions using capacity planning reports. https://ad.doubleclick.net/ddm/clk/305295220;132659582;e _______________________________________________ Astlinux-users mailing list Astlinux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.