On Thu, 9 Apr 2009 09:09:54 Carlos E. R. wrote:
On Thursday, 2009-04-09 at 00:30 +0930, Rodney Baker wrote:
...
Isn't just NAT good enough for what I want to do? Listen to mp3's and avi's I have on my laptop? If no one can connect to me from the outside then I'm OK internally on the LAN, no?
You only need NAT if you want to connect to a box on your LAN from outside the firewall (i.e. elsewhere on the internet). If you have no need to accept incoming connections from outside, turn it all OFF.
I thought NAT was used the other way round, to connect one or more machines on the local net (many IPs) to the internet (one outgoing IP). I.e., it is what allows several machines with different local IPs to browse the internet, sharing the only one internet address they have.
:-?
Or what I describe has a different name?
-- Cheers, Carlos E. R.
Actually, you're right - NAT is used for outgoing connections to route replies back to the originating host on the internal network, but that is generally transparent to the user once enabled.

The specific configurations Lynn mentioned were more likely related to Port Forwarding, which works together with NAT to translate incoming connections to a specified port on the public IP address to a known port on an internal IP address.

e.g. if your public IP address is 123.0.123.1 and you have an ssh server running on 10.1.1.1 on your internal network, you would translate a TCP port on the outside interface to port 22 on the box running the ssh server like

123.0.123.1:50001 -> 10.1.1.1:22

So incoming ssh connections would need to connect to 123.0.123.1:50001 and this would be automatically redirected to 10.1.1.1 on port 22.

Outgoing connections via a NAT interface are handled transparently like I said earlier, i.e. if 10.1.1.1 requests an http transfer from 1.2.3.4 (which appears to the remote server as if from 123.0.123.1, your public IP address), replies from 1.2.3.4 to 123.0.123.1 are automatically routed back to 10.1.1.1.

Hopefully we're both working on the same page now...:-)

Rodney.

--
===================================================
Rodney Baker VK5ZTV
rodney.baker@iinet.net.au
===================================================
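
A toy model of the gateway behaviour described in the message above, added here as an illustration and not part of the original thread: it shows the outgoing translation, the reply path, the 50001 -> 22 port forward, and what happens to unsolicited inbound traffic. The class name, the ephemeral port 40000, the client port 51515, the outside host 198.51.100.7 and the strict match on remote address and port are constructed assumptions; real gateways also track protocol state and timeouts.

```python
"""Toy NAT gateway using the addresses from the thread (constructed example)."""
from dataclasses import dataclass, field

PUBLIC_IP = "123.0.123.1"  # public address used in the thread


@dataclass
class NatGateway:
    # Static port forwards: public port -> (internal ip, internal port)
    forwards: dict = field(default_factory=dict)
    # State created by outgoing connections:
    # (public port, remote ip, remote port) -> (internal ip, internal port)
    conntrack: dict = field(default_factory=dict)
    next_port: int = 40000  # assumed start of the gateway's ephemeral range

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate an outgoing packet; return the tuple the remote host sees."""
        pub_port = self.next_port
        self.next_port += 1
        self.conntrack[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (PUBLIC_IP, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Return the internal (ip, port) a packet is delivered to, or None if dropped."""
        # 1. Reply belonging to a connection an internal host opened.
        hit = self.conntrack.get((dst_port, src_ip, src_port))
        if hit is not None:
            return hit
        # 2. New connection to an explicitly forwarded port (open to ANY source).
        if dst_port in self.forwards:
            return self.forwards[dst_port]
        # 3. Unsolicited traffic: no state and no forward, so nothing to deliver to.
        return None


def demo():
    gw = NatGateway(forwards={50001: ("10.1.1.1", 22)})
    seen = gw.outbound("10.1.1.1", 51515, "1.2.3.4", 80)
    return {
        "remote_sees": seen[:2],
        "reply": gw.inbound("1.2.3.4", 80, seen[1]),
        "ssh_forward": gw.inbound("198.51.100.7", 40222, 50001),
        "unsolicited": gw.inbound("198.51.100.7", 40222, 22),
        "wrong_source": gw.inbound("198.51.100.7", 80, seen[1]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13} -> {result}")
```

With no entries in `forwards`, every new inbound connection falls through to the drop case, so the forwarded port is the only service exposed and it should be limited to what actually needs to be reachable.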