Re: Joining subnets



On Aug 24, 5:39 am, billbo <bpl...@xxxxxxxxxxxx> wrote:

> The servers subnet and the LAN subnet are not physically connected.
> The Linux NAT firewall is being used to connect them only at specified
> ports and IP addresses like a bridge. Each LAN client is then routed
> to this bridge to access services on the server subnet. By using
> NAT, I do not have to worry about routing to the LAN network from the
> servers. The NAT fw also seems to offer better isolation as the LAN
> network is being treated as an untrusted network.

Well then the answer to your question is obvious -- the more elegant
solution than using NAT is not using NAT. The NAT serves almost no
purpose, so just get rid of it.

DS
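
The two designs discussed in this thread, side by side, as an added example that is not from either poster: a script that emits `iptables-restore` rulesets for the NAT setup and for plain routing. The interface names, addresses and ports are constructed placeholders; the point it shows is that the port and address restriction sits in the same FORWARD rules in both cases.

```shell
#!/bin/sh
# Constructed placeholder values; none of these come from the thread.
LAN_IF=eth0; LAN_NET=192.168.1.0/24; FW_LAN_IP=192.168.1.1
SRV_IF=eth1; SRV_IP=10.0.0.10
PORTS=80,443

# Filter table shared by both designs: forwarding is default-deny and only
# LAN -> server on the listed TCP ports (plus replies) is allowed.
# The firewall host's own INPUT policy is out of scope here.
filter_table() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $SRV_IF -s $LAN_NET -d $SRV_IP -p tcp -m multiport --dports $PORTS -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# NAT design: clients connect to the firewall's LAN address. DNAT rewrites
# the destination; MASQUERADE rewrites the source so the servers need no
# route back to the LAN. Side effect: server logs show only the firewall's
# address, not the real client.
nat_table() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i $LAN_IF -s $LAN_NET -d $FW_LAN_IP -p tcp -m multiport --dports $PORTS -j DNAT --to-destination $SRV_IP
-A POSTROUTING -o $SRV_IF -d $SRV_IP -p tcp -m multiport --dports $PORTS -j MASQUERADE
COMMIT
EOF
}

# After DNAT the FORWARD chain sees the real server address, so the same
# filter table applies to both designs.
ruleset_nat()    { nat_table; filter_table; }

# Routed design: clients address the server directly. The servers need a
# route to $LAN_NET via the firewall, and they log real client addresses.
ruleset_routed() { filter_table; }

# Usage: sh thisfile nat|routed | iptables-restore --test   (parse only)
case "${1:-}" in
    nat)    ruleset_nat ;;
    routed) ruleset_routed ;;
esac
```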