Subj : Re: CVS commit web/html/i
To   : Runemaster
From : Angus Mcleod
Date : Thu Apr 07 2005 11:02 pm

  Re: Re: CVS commit web/html/i
  By: Runemaster to Digital Man on Thu Apr 07 2005 20:04:00

 >  > Let's say the BBS is behind a NAT and the sysop can only hit the web-serv
 >  > using it's private IP address (e.g. 192.168.*.*), a link to
 >  > "ftp://theirbbs.com" would do them no good (depending on the NAT device i
 >  > use).
 > 
 > I see ... and that makes sense for sure ... crappy NAT device though :) :)

Isn't this as much a DNS and routing issue as a NAT configuration one?

		205.214.xxx.xxx
			|
			|
		    +-------+
		    |  NAT  |
		    +-------+
			|
	    192.168.1.1	|
                        |	     +-----------+
			+------------| Webserver |	192.168.1.100
			|	     +-----------+
			|
			|            +-----------+
			+------------| BrowserPC |	192.168.1.150
				     +-----------+

When someone on the net wants to access the webserver, DNS has to resolve 
to the 205.214.xxx.xxx address.  The NAT box functions more as a port- 
forwarding box to allow connections to the internal machine..
  
However, someone on the *inside* of the NAT box, example on BrowserPC, 
doesn't need to use NAT at all.  What they want is for DNS to resolve the 
webserver as 192.168.1.100 so it can be accessed directly.  If your NAT 
box has a third interface to a DMZ with the webserver there, then the 
problem is slightly different but not much.

Otherwise, you are using your 192.168.1.1 interface on the NAT box as your 
"default gateway", and when DNS resolves the webserver to 205.214.xxx.xxx 
you connect to the default gateway which uses NAT in order for you to 
access the other interface of the same box, which then has to port-forward 
the connection *back* through the default gateway to the server on your 
local network segment!  :-)

Using Linux as a triple-homed, NATting, port-forwarding, firewalling 
gateway machine, I usually get it set up so the domain name can be used on 
both sides of the NAT box (net and LAN) and by other machines on the DMZ 
as well.  I guess cheap NATting routers don't have as much flexibility.


---
 þ Synchronet þ Great programs on the Synchronet Channel at The ANJO BBS

.