----- Original Message -----
From: "Rob Wellesley" <[EMAIL PROTECTED]>
To: "Devinfo@Lists" <[EMAIL PROTECTED]>
Sent: Wednesday, September 18, 2002 2:58 PM
Subject: [e-smith-devinfo] Server and Gateway?

> Since SME is designed to operate as the internet gateway it would be optimal if
> the administrator could "open ports" simply as one can with a standalone
> firewall.
> Port forward is fine (thanks Darrell) where you want to direct a request to a
> single server but is not much good when a port needs to be just "open" to the
> LAN.

Due to the fact that SME server implements a NAT firewall, what you're asking for isn't possible.

> 1. Is there a development path that will see this "feature" arrive? Or am I
> really missing something here?
> 2. Can someone point me to anything that will help me understand why it
> can/can't be done - (learning, learning, learning :-)

NAT firewalls translate traffic between a private sub-net and a single public IP number. Just imagine your public IP number is 100.100.100.100 and your private sub-net is 192.168.1.*. If someone sends a request to a port on 100.100.100.100, how does the server know which IP in the private sub-net to forward the request? Similarly, if someone sends a request to 192.168.1.*, then the packet will never arrive on your server in the first place. It's one major problem with a NAT firewall.
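The lookup problem described in the reply above, as an added example that is not part of the original message: a simplified Python model of how a NAT gateway decides where an inbound packet goes. The class, the port numbers and the individual LAN host addresses are constructed for illustration; only 100.100.100.100 and the 192.168.1.* range come from the message.

```python
# Added illustration: a simplified model of a NAT (masquerading) gateway.
# Real gateways also track the remote endpoint and timeouts; this keeps only the lookup.
from dataclasses import dataclass, field

PUBLIC_IP = "100.100.100.100"  # public address used in the message


@dataclass
class NatGateway:
    public_ip: str = PUBLIC_IP
    next_port: int = 61000  # constructed start of the masquerade port range
    # Both tables map (proto, public_port) -> (private_ip, private_port)
    sessions: dict = field(default_factory=dict)  # created by outbound traffic
    forwards: dict = field(default_factory=dict)  # created by the administrator

    def outbound(self, proto, src_ip, src_port):
        """A LAN host opens a connection: allocate a public port, remember the mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, pub_port)] = (src_ip, src_port)
        return (self.public_ip, pub_port)

    def add_forward(self, proto, pub_port, dst_ip, dst_port):
        """Static port forward: one public port maps to exactly one LAN host."""
        self.forwards[(proto, pub_port)] = (dst_ip, dst_port)

    def inbound(self, proto, dst_port):
        """A packet arrives at the public IP: return its LAN destination, or None."""
        key = (proto, dst_port)
        return self.sessions.get(key) or self.forwards.get(key)


def demo():
    gw = NatGateway()
    results = {}
    # Unsolicited request to port 5900: no session and no forward, so no destination.
    results["unsolicited"] = gw.inbound("tcp", 5900)
    # A reply to a connection started from the LAN matches the session table.
    _, pub_port = gw.outbound("tcp", "192.168.1.20", 34567)
    results["reply"] = gw.inbound("tcp", pub_port)
    # A port forward supplies the missing answer, but only for a single host.
    gw.add_forward("tcp", 5900, "192.168.1.10", 5900)
    results["forwarded"] = gw.inbound("tcp", 5900)
    return results


if __name__ == "__main__":
    for case, dest in demo().items():
        print(f"{case:12s} -> {dest}")
```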
