[svlug] NAT from the outside

Ivan Sergio Borgonovo mail at gorilla.it
Mon Jun 11 02:13:01 PDT 2001


Il 10:34, lunedì 11 giugno 2001, Seth David Schoen scrisse:

> Ivan Sergio Borgonovo writes:
> > Is there any means to see if a gateway using NAT is hiding a LAN?

> Not in general.

that means:
- there is no simple method to know
- there are some services that could put you in trouble
- there is no simple method to know if you avoid to use some services

which of the above?
what if I change "simple" with "automatic"?

> > Are there any "exotic" services that could require partial
> > unhiding or configuration nightmares if I want the service
> > running but _also_ if I want to hide that it is serviced by an
> > internal machine?

> They're not very exotic -- FTP can be one such.

FTP server side... right? Client should works as if it was run frm 
the gateway.

Does the problem reside just in dynamic ports?
Where can I find a list of services/ports so I could know if I'll 
ever need such things?

> Many services are now designed so that you can use them over an
> arbitrary single 8-bit clean connection, which helps if you want to
> do some kind of port redirection or tunnel.  This is a strong trend
> for many reasons, including the rise of firewalls and NAT.

Since it seems you know exactly what the problem is, if you can give 
me a pointer to understand it better I'll stop to bother.
Part about "arbitrary single 8-bit clean connection" is not clear.

-- 
avid reader of /usr/src/linux/Documentation/




More information about the svlug mailing list