Well, an example configuration that I'm using for web & e-mail hosting
on T1 is as follows...

I have my primary web server, DNS, and e-mail all on the PSN network of
the Gnatbox.

I have my T1 plugged into the EXT network of the gnatbox.

The public IPs I want assigned to my internal servers, I have assigned
as Aliases to the EXT interface of the gnatbox. For an example, a public
IP for a web hosting server is 64.95.116.39. This IP is actually
assigned to the interface on the Gnatbox.

On the PSN network, all IP addresses are 10.0.0.x. For sake of simplicity
I use the same last number on my IPs. So the web site attached to the
63.94.115.39, on the web server, this IP address is 10.0.0.39.

Inside the gnatbox, you need to set up a combination of Remote Access
Filters and Inbound Tunnels to support your website. You make an Inbound
Tunnel of 64.95.116.39 TCP 80 maps to 10.0.0.39 80. (This is the
NAT/Inbound Tunnels section). Under Remote Access Filters
(Filters/Remote Access), you must specify a rule:

Accept notice ANY TCP  nolog
          from ANY_IP
            to 63.94.115.39 80

Now, for simplicity's sake on my GnatBox, I actually have an Object
(Object/Addresses) for my web server. Since my web server has multiple
IP addresses, I don't want to create a rule for each and every IP
address, I can just create an Object that contains all of the IP
Addresses (The public IPs) that have been assigned to my web server, and
when I create my remote access filter I point to the object (in my case,
the object is called www_server) instead of any particular IPs:

Accept notice ANY TCP  nolog
          from ANY_IP
            to www_server 80

Now, sometimes you require a particular internal device to have an exact
external address when communicating with the outside world (Case in
point, mail servers). Normally, any outbound traffic is NATted through
the main IP address of the EXT interface on the firewall. In the case of
mail servers especially, you would like them to appear as the IP address
you have assigned them. In this case, you'll want to set a Static
Address Map (NAT/Static Address Map). This will tell the GnatBox that
any traffic from the specified internal Object or Address will always go
out appearing as the interface specified.

Static Address Mappings
    Index  From                              To IP Address
    -----  --------------------------------  ---------------
        2      10.0.0.205                      alias_EXCHANGE

In this case, I have an Alias (alias_EXCHANGE) that is given the Public
IP address of 64.95.116.205. This rule tells the GnatBox that all
traffic from the server at 10.0.0.205 (which again, is on the PSN) will
route outbound traffic through 64.95.116.205 (Which is the IP assigned
to the alias). So, from the outside world, traffic from this server will
appear as the appropriate address. If I didn't have this alias, any
traffic coming from this server would appear from 64.95.116.2, which is
the primary IP assigned to the EXT interface in this case.

Christopher
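
The setup described above (inbound tunnel plus remote access filter, address objects, static address map) can be modelled and audited for gaps. This is an added example, not GnatBox code or part of the original message; it assumes that an inbound connection needs both an Accept filter and a tunnel, and the second www_server member and the port 25 tunnel are constructed sample data.

```python
EXT_PRIMARY = "64.95.116.2"  # primary IP of the EXT interface (from the message)

# Address objects. The second www_server member is constructed sample data.
OBJECTS = {
    "www_server": {"64.95.116.39", "64.95.116.40"},
    "alias_EXCHANGE": {"64.95.116.205"},
}
# Inbound tunnels: (public IP, proto, port) -> (PSN IP, port)
TUNNELS = {
    ("64.95.116.39", "TCP", 80): ("10.0.0.39", 80),
    ("64.95.116.205", "TCP", 25): ("10.0.0.205", 25),  # constructed
}
# Remote access filters: (action, proto, source, destination, port)
FILTERS = [("Accept", "TCP", "ANY_IP", "www_server", 80)]
# Static address map: PSN host -> alias used as its outbound source address
STATIC_MAP = {"10.0.0.205": "alias_EXCHANGE"}

def expand(name):
    """Resolve an object name to its addresses; a bare IP is returned as-is."""
    return OBJECTS.get(name, {name})

def permitted(proto, dst, port):
    """True if an Accept filter covers this destination (source is ANY_IP)."""
    return any(action == "Accept" and fproto == proto and fport == port
               and dst in expand(fdst)
               for action, fproto, _src, fdst, fport in FILTERS)

def inbound(proto, dst, port):
    """Return the PSN (ip, port) the connection reaches, or None if dropped."""
    if not permitted(proto, dst, port):
        return None  # assumption: no matching filter means the packet is dropped
    return TUNNELS.get((dst, proto, port))

def outbound_source(psn_ip):
    """Source address the outside world sees for traffic from a PSN host."""
    alias = STATIC_MAP.get(psn_ip)
    return sorted(expand(alias))[0] if alias else EXT_PRIMARY

def audit():
    """List tunnels with no Accept filter and filter targets with no tunnel."""
    findings = []
    for (ip, proto, port) in TUNNELS:
        if not permitted(proto, ip, port):
            findings.append(f"tunnel {ip}:{port} has no Accept filter")
    for _action, proto, _src, dst, port in FILTERS:
        for ip in sorted(expand(dst)):
            if (ip, proto, port) not in TUNNELS:
                findings.append(f"filter to {ip}:{port} has no tunnel")
    return sorted(findings)

if __name__ == "__main__":
    print(inbound("TCP", "64.95.116.39", 80), outbound_source("10.0.0.39"))
    print("\n".join(audit()))
```
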

> -----Original Message-----
> From: Adam M. Corder [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 06, 2005 08:49
> To: [email protected]
> Subject: RE: [gb-users] Web Server Behind GnatBox
>
> Chris,
>
>  I am looking at using a control panel for ease of management. Through
> my research I found that the scripts in the background do not work
> correctly on the web server if the server is not assigned all of the
> public IPs. I am new to this type of a setup so I may be incorrect with
> my understanding. If you believe you have a method that would work in my
> situation I would greatly appreciate it if you could elaborate on an
> example configuration.
>
> Thanks,
>
> Adam Corder
> Network Solutions And Optimization, LLC.
> Partner
> 5692 Pontiac Circle NW
> North Canton, Ohio 44720
> PH: 330.966.8097
> Fax: 330.266.0247
> www.nsao.com
> [EMAIL PROTECTED]
>
>
> Win prizes by subscribing to the "NSAO Newsletter" at www.nsao.com
>
>
> -----Original Message-----
> From: Chris Green [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 06, 2005 8:43 AM
> To: [email protected]
> Subject: RE: [gb-users] Web Server Behind GnatBox
>
> You can do many things to make this work, but why can't you use NAT? You
> can have multiple private IP addresses map to multiple public IP
> addresses.
> I have many hosting environments running on Gnatboxes.  All of them run
> NAT.
>
> Chris Green
>
>
> -----Original Message-----
> From: Adam M. Corder [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 06, 2005 7:32 AM
> To: [email protected]
> Subject: [gb-users] Web Server Behind GnatBox
>
> I was wondering if someone could help me. I have a web server that is
> going to host a couple websites via a T1 line. I have multiple static
> public IPs that I need assigned directly on the web server. So I can't
> use NAT from what I know and understand. Is there a way to set this up
> behind the Gnatbox to make use of its firewall and still pass through
> the Public IPs directly to the network interface on the web server?
>
>
>
> Thanks for your time,
>
> Adam Corder
> Network Solutions And Optimization, LLC.
> Partner
> 5692 Pontiac Circle NW
> North Canton, Ohio 44720
> PH: 330.966.8097
> Fax: 330.266.0247
> www.nsao.com
> [EMAIL PROTECTED]
>
>
>
>
> Win prizes by subscribing to the "NSAO Newsletter" at www.nsao.com
>
> ------------------------------------------------------
> To unsubscribe:           [EMAIL PROTECTED]
> For additional commands:         [EMAIL PROTECTED]
> Archive:  http://archives.gnatbox.com/gb-users/