I understand the arguments against NAT but in this case the client boxes will be on customers sites - and 99.9% of them use "internal" type DNS naming, private IP ranges (192.168...) and NAT firewalls. In 50% or more I won't have direct knowledge or control over the firewall configs - will just be asking them to allow outward 5308 to the cfengine server.
If no-one else is using cfengine in anything like this environment then I'm a bit reluctant to try :-) - steve -----Original Message----- From: Mark Burgess [mailto:[EMAIL PROTECTED] Sent: Monday, 28 November 2005 6:46 p.m. To: Tim Nelson Cc: Steve Brorens; [email protected] Subject: Re: NAT, and appliances... Clearly NAT is a reduction of the full network repertoire. Some people mistakenly associate this with an increase in security. I would rather say it is a lack of functionality. There will always be some problems with NAT, but it also depends to some extent on how you set it up. M On Mon, 2005-11-28 at 11:51 +1100, Tim Nelson wrote: > On Sun, 27 Nov 2005, Steve Brorens wrote: > > > I'm looking at using cfengine to manage and monitor a number of > > 'appliance' type boxes on a range of sites, but I'm concerned that I > > may have probelms with NAT and DNS issues, > > > > Anyone used cfengine where: > > > > - the managed systems are behind NAT-type firewalls > > - DNS may be 'odd' (they're Linux systems configured onto Windows > > networks, and their DNS names might be someting like > > box.internal.acme.com or box.local or box.acme.local - conventions > > at different customers will differ > > > > Is this likely to cause problems? > > > > How best to avoid probs? > > Well, it would probably be a good idea to ask the same question on > the network-automation list :). > > _______________________________________________ > Help-cfengine mailing list > [email protected] > http://lists.gnu.org/mailman/listinfo/help-cfengine ========================================================= This e-mail has been scanned for Viruses and Content and cleared by CommArc Cube Server _______________________________________________ Help-cfengine mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-cfengine
