max wrote:
Claude Jones wrote:
On Sat April 12 2008, John Cornelius wrote:
I gather that it's simply a case of you moving from direct connection to
the Internet to a connection that's behind your Cisco router. I further
presume that the (nominal) 70.x.x.120 address belongs to the Cisco. In
that case you probably don't want to do what you propose.
Thanks for your thoughts, and yes, your surmising is correct.
Your box should be set up on the internal LAN subnet in the normal way.
All of the interesting configuration should be done on the Cisco router
by setting up source and destination NAT so that internet traffic on
specific ports addressed to the Cisco are routed to your box and
responses are automatically routed back through the Cisco to their
destination.
I viscerally believe you're correct, here - else why is this the way
this is universally done, but I sure could use some better technically
grounded expertise in the whys and wherefores.
Trying to deal with this issue from inside the LAN rather than in the
router will most likely lead to frustration since whatever you do will
be fragile and probably break often if it works at all.
This is where I need better argumentation...if you can help, it would
be appreciated. Specific examples of why it's a bad idea, security
problems that could occur, other issues...unfortunately, this
configuration has been handed to me, it's not my idea, so I need to
understand what's wrong with it and be able to offer sound arguments
for the more conventional approach, if there is a really sound
technical reason for not doing it this way.
I'm also dealing with the fact that another Linux box, a mail server,
has been moved on to this new FIOS lan and configured using the hack
that I cited in my original post, and is working quite nicely -
unfortunately, I don't clearly understand how to implement that hack
on Fedora, but, I'm getting the "if Jack could do this with his Debian
box, why can't you with your Fedora?"....
I saw a video once, world's most unbelievable videos or some such, of a
guy whose chute failed to open. The camera tracked all the way down,
this guy jumped right up and started running around shouting "I'm alive".
Lucky bastard. Soft marshy ground saved his ass. Most people who have
a chute that fails to open don't usually survive. That's in case you
can't make a technical argument or more likely even if you can it sounds
like it will fail because the other people are already convinced it
should work out ok. Personally I can't make the technical argument
against....yet but it sure doesn't sound right. I have worked to a very
limited degree with Cisco routers but you can do a lot of config in there
and as others have pointed out the box on LAN should be oblivious to
what the router does anyway.
Good Luck,
Max
Couldn't follow the original posted link either, hopefully it will pull
up later so I can see what the hell it says.
Max
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list