Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Anders Dissing on July 08, 2003, 12:14:14 PM
-
Hey
Can't a e-smith 5.6 NAT? If yes how?
Sorry Iam not good at english =(
-
Yes it can do NAT.
in my opinion it is activated by default.
on my SME-server it works very fine an i did not configure anything extra for NAT.
cheers klaus
-
Hello!
E-smith security text.......
6. Network Security
For a server functioning as a network gateway, the security related to
the underlying basic network connection is of critical concern. We
take this extremely seriously and use multiple tools and layers to
restrict access. It starts with the fundamental distinction that in
server and gateway mode, we have an internal network interface card
connected to the local network and an external connection to the
outside Internet, through either another network interface card or a
dial-up modem. The internal card will allow most connections from the
local network, but connections coming into the external interface are
subject to very tight controls.
In this arrangement we use network address translation (NAT) to
masquerade the entire internal network behind a single external IP
address. In our recommended (and default) configuration, all internal
systems have non-routable private IP addresses (per RFC1918) and there
is therefore no possible way for a connection to be made from the
external Internet to any internal machines. This allows us to
concentrate all network security resources on protecting the server
and external interface.
-
Where shout I config yhe NAT, under Hostnames and addresses or what?
If yes how? I don't gette =)
-
There's nothing to configure.
-
Anders,
NAT is automatically enabled when you set SME to be server and gateway. Typically, in this instance you'd have 2 network cards in the server, one would be connected to the internet via analog modem, DSL or Cable modem. This would be called the external network card and would typically have a single public IP address assigned by your internet service provider. The other NIC would be connected to a hub/switch device where you can connect other PC's. This second card would be the internal NIC and would have a private class IP address. In this configuration, there's no additional settings you'd need, NAT is enabled by default and is automatic. To my knowledge, there is no user configurations available - in server and gateway mode NAT is enabled, other modes NAT is not enabled.
Hope this helps...
-
hes gonna ask about forwarding ports next I guess....
-
schotty Bing Bou =)
Yes. Whene I am talking about NAT I am thinking about forwarding ports, is that wrong?
How do I forwarding ports in E-smith?
-
well as i was reading the posts again, it dawned on me that we were heading in this direction :-)
There is a contrib "portforwarding". This will also install a panel in the server-manager (i believe) and you will be able to forward the ports that you need.
search these forums or the contribs for portforwarding and you will find it!
pleased to help
-
okey now I hav install the packet, and the "new" menu Port Forwarding is there. But i tried to do forward port 80. But that didn't word so I trie to du this
TCP 1-65535 192.168.1.2 1-65535
UDP 1-65535 192.168.1.2 1-65535
And that didn't work either. Why?
-
search the phorum for "port forwarding" and you will find, that the contrib for port-forwarding only accepts one port at once.
if you want to forward several ports you have to do it for every port.
if you want to forward port 80 (http) you have to stop the http-service (httpd) first.
then open the port 80 (it will be closed automatic if you disable the httpd) and now you can forward it.
if a service is activated the responding port is opened and binded tio that service.
because of that you cannot forward that port.
and do me a favour:
create a new discussion for that problem...
cheers klaus
-
this maybe the problem, i have made a new topic
http://www.e-smith.org/bboard//read.php?f=3&i=34070&t=34070