
BLU Discuss list archive



[Discuss] web server can't see out but others can see in



> From: Edward Ned Harvey (blu)
> Second, don't enable one-to-one NAT.

1-to-1 NAT means every packet destined for some external IP address will be NAT'd to some internal IP address.

This is how you effectively put an internal machine outside the firewall. The only difference between 1-to-1 NAT and *actually* putting the machine outside the firewall is that the traffic still goes through the firewall, which means you're able to apply firewall rules, packet inspection, etc.

1-to-1 NAT exposes you to more risk than necessary, if all you want to do is serve port 80.
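
The contrast drawn in the message above, as an added example that is not part of the original post: an nftables ruleset with the 1-to-1 mapping (A, commented out) beside a port-80-only forward (B). The addresses 203.0.113.10 (public) and 192.168.1.10 (internal web server) and the interface names wan0 and lan0 are constructed assumptions, not values from the thread.

```nftables
# Added example. All addresses and interface names are constructed:
#   203.0.113.10 = public IP, 192.168.1.10 = internal web server,
#   wan0 = outside interface, lan0 = inside interface.

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;

        # (A) 1-to-1 NAT: every protocol and every port addressed to the
        #     public IP is rewritten to the internal host. What actually
        #     reaches it then depends entirely on the forward chain below.
        # iifname "wan0" ip daddr 203.0.113.10 dnat to 192.168.1.10

        # (B) Port forward: only TCP/80 is rewritten. Anything else sent to
        #     the public IP is never translated to the web server.
        iifname "wan0" ip daddr 203.0.113.10 tcp dport 80 dnat to 192.168.1.10
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # Connections the web server opens itself leave with the public
        # address, so it can still "see out".
        oifname "wan0" ip saddr 192.168.1.10 snat to 203.0.113.10
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies for connections that were already allowed.
        ct state established,related accept

        # The forward hook runs after the prerouting DNAT, so the rule
        # matches the internal (translated) address, not the public one.
        iifname "wan0" ip daddr 192.168.1.10 tcp dport 80 ct state new accept

        # Outbound connections from the inside network.
        iifname "lan0" oifname "wan0" ct state new accept
    }
}
```

With (B), a mistake in the forward chain still cannot expose other ports on the web server, because no translation exists for them; with (A), the forward chain is the only thing limiting what is reachable.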




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org