Topic: NAT (Network Address Translation)

[Anders Dissing]

Hey
Can't a e-smith 5.6 NAT? If yes how?

Sorry Iam not good at english =(

[Klaus Eckert]

Yes it can do NAT.
in my opinion it is activated by default.
on my SME-server it works very fine an i did not configure anything extra for NAT.

cheers klaus

[schotty]

Hello!

E-smith security text.......

6. Network Security

   For a server functioning as a network gateway, the security related to
   the underlying basic network connection is of critical concern. We
   take this extremely seriously and use multiple tools and layers to
   restrict access. It starts with the fundamental distinction that in
   server and gateway mode, we have an internal network interface card
   connected to the local network and an external connection to the
   outside Internet, through either another network interface card or a
   dial-up modem. The internal card will allow most connections from the
   local network, but connections coming into the external interface are
   subject to very tight controls.

   In this arrangement we use network address translation (NAT) to
   masquerade the entire internal network behind a single external IP
   address. In our recommended (and default) configuration, all internal
   systems have non-routable private IP addresses (per RFC1918) and there
   is therefore no possible way for a connection to be made from the
   external Internet to any internal machines. This allows us to
   concentrate all network security resources on protecting the server
   and external interface.

[Anders Dissing]

Where shout I config yhe NAT, under Hostnames and addresses or what?
If yes how? I don't gette =)

[Dan Brown]

There's nothing to configure.

[dave]

Anders,

NAT is automatically enabled when you set SME to be server and gateway.  Typically, in this instance you'd have 2 network cards in the server, one would be connected to the internet via analog modem, DSL or Cable modem.  This would be called the external network card and would typically have a single public IP address assigned by your internet service provider.  The other NIC would be connected to a hub/switch device where you can connect other PC's.  This second card would be the internal NIC and would have a private class IP address.  In this configuration, there's no additional settings you'd need, NAT is enabled by default and is automatic.  To my knowledge, there is no user configurations available - in server and gateway mode NAT is enabled, other modes NAT is not enabled.

Hope this helps...

[schotty]

hes gonna ask about forwarding ports next I guess....

[Anders Dissing]

schotty  Bing Bou =)
Yes. Whene I am talking about NAT I am thinking about forwarding ports, is that wrong?

How do I forwarding ports in E-smith?

[schotty]

well as i was reading the posts again, it dawned on me that we were heading in this direction

There is a contrib "portforwarding". This will also install a panel in the server-manager (i believe) and you will be able to forward the ports that you need.
search these forums or the contribs for portforwarding and you will find it!


pleased to help

[Anders Dissing]

okey now I hav install the packet, and the "new" menu Port Forwarding is there. But i tried to do forward port 80. But that didn't word so I trie to du this
TCP 1-65535 192.168.1.2 1-65535
UDP 1-65535 192.168.1.2 1-65535

And that didn't work either. Why?

[Klaus Eckert]

search the phorum for "port forwarding" and you will find, that the contrib for port-forwarding only accepts one port at once.
if you want to forward several ports you have to do it for every port.

if you want to forward port 80 (http) you have to stop the http-service (httpd) first.
then open the port 80 (it will be closed automatic if you disable the httpd) and now you can forward it.
if a service is activated the responding port is opened and binded tio that service.
because of that you cannot forward that port.


and do me a favour:
create a new discussion for that problem...

cheers klaus

[Anders Dissing]

this maybe the problem, i have made a new topic
http://www.e-smith.org/bboard//read.php?f=3&i=34070&t=34070