[ale] OT move to new Colo that wants to use NAT

Chris Fowler cfowler at outpostsentinel.com
Sun Nov 9 19:58:34 EST 2008


Jim Popovitch wrote:
>
> IMHO, their move to do this is both good and bad.  Good because it
> protects the idiots who lease systems they don't know how to secure,
> bad because it removes capabilities that quality technical folks need.
>
>   
I'm not expecting or wanting any security from my vendor.  The
way I understand the NAT to work is that it is a simple DNAT/SNAT
type setup.  Every port is sent to my server.  I need not contact them
to add or delete rules to their firewall.

I'm fairly certain this solution will work.  I'm just curious as to what
effect, if any, it will have on my SIP connections.  SIP and NAT do not
work well.  I guess if everything is sent to and fro and one public is
pointed to one private, the SIP and RTP packets will always hit their target.

From a management perspective it seems easier for them to assign their
whole cage a class B.  We get 16 IPs and if we need to add one it is a
simple thing to do instead of changing our subnet or placing our extra
IPs on a different subnet.

If I run NAT at home and NAT port 80 on my firewall to apache running on
192.168.1.4, I know that from my desktop at 192.168.1.115 trying
to access http://buford.linxdev.com will fail.  The issue lies in the fact
that my NAT is running on eth0 (public) and I'm trying to access from eth1
(private).  This may cause me issues.  It may just mean that it is okay
to use hostnames like normal but I need to populate /etc/hosts on each
server with the private addresses.  Now each of these servers will be using
sendmail to send and receive mail.  Hopefully that will not be an issue
either.

These servers run http(s), pop3(s), imap(s), vtun, openvpn, sip, iax2,
rtp and sendmail.  All those protocols have to work exactly as they did
before when the servers had public IPs.

Chris

> -Jim P.


-- 
Chris Fowler
OutPost Sentinel, LLC
Support @ SIP/support at pbx.opsdc.com
 or 678-804-8193
Email Support @ support at outpostsentinel.com



