BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] web server can't see out but others can see in

Subject: [Discuss] web server can't see out but others can see in
From: blu at nedharvey.com (Edward Ned Harvey (blu))
Date: Wed, 26 Sep 2012 11:23:37 +0000
References: <CADVqGWB_=dyrxNRXMPLr3kLtMaoGS9McPX1WLUV0eqH3=EXy4g@mail.gmail.com>

> From: Edward Ned Harvey (blu)
> Second, don't enable one-to-one NAT.

1-to-1 NAT means every packet destined for some external IP address will be NAT'd to some internal IP address.

This is how you effectively put an internal machine outside the firewall.  The only difference between 1-to-1 NAT, and *actually* putting the machine outside the firewall is that the traffic still goes through the firewall.  Which means you're able to apply firewall rules, and packet inspection, etc.

1-to-1 NAT exposes you to more risk than necessary, if all you want to do is serve port 80.

Follow-Ups:
- [Discuss] web server can't see out but others can see in
  - From: invalid at pizzashack.org (Derek Martin)

References:
- [Discuss] web server can't see out but others can see in
  - From: eric at aaca-boston.org (Eric Chadbourne)

Prev by Date: [Discuss] web server can't see out but others can see in
Next by Date: [Discuss] Running Android on a PC such as Android X86 Project
Previous by thread: [Discuss] web server can't see out but others can see in
Next by thread: [Discuss] web server can't see out but others can see in
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org