Subject: Re: cable modems&servers
To: Edvard Lauman <elauman@interlynx.net>
From: Richard UNGER <runger@cs.mcgill.ca>
List: port-mac68k
Date: 05/24/2000 11:51:08
Hi,


No problem.
Let's set up a little example:
Say your gateway has 2 interfaces, ae0 for the internal network,
and ae1 attached to the cable-modem. Let's further say your apache server
has the internal IP address 192.168.1.10/24, and the gateway is
192.168.1.1/24 on the internal network, and a.b.c.d/24 on the external.
Further, let's say you run the webserver on the usual port, 80.

What you need to do to access your web-server from the outside world is
add a 'redirect' statement to your ipnat configuration. ipnat supports two
basic types of nat: map and redirect. map rules make ipnat rewrite the
source address of outgoing packets on an interface. This lets you access
the outside world from your internal machines, as their network packets
have their (invalid) source address rewritten as they leave the gateway.
redirect rules are in some sense the opposite case: they rewrite the
destination address of incoming packets on a network interface. You use
this type of rule to set up a channel from the outside world to a specific
port on an internal machine.

Add the following statement to your ipnat.conf:

rdr ae1 0/0 port 80 -> 192.168.1.10 port 80 tcp

or, equivalently:

rdr ae1 0/0 port http -> 192.168.1.10 port http tcp

Using the word http will look up the port in /etc/services ... a bit more
'correct'. Note that the external ip address is specified as 0/0, which
will be substituted for the currently configured ip address of ae1. In
other words if you have a statically configured ip address from your cable
provider, you could write:

rdr ae1 a.b.c.d/24 port http -> 192.168.1.10 port http tcp

If you use dhclient to configure your cablemodem via dhcp, the 0/0 way of
specifying the address is for you.

Hope that helps,
Richie





On Wed, 24 May 2000, Edvard Lauman wrote:

> Suppose I have an ethernet network set up in my house with Macs, PCs, etc.
> Further suppose one of the machines (a MacIIx running NetBSD (actually
> Erik Winkler's firewall archive)) is used as a gateway (using ip-nat) to a
> cable modem connected to the internet. Now suppose I want to set up an
> apache server (or any kind of server really) on one of the machines on
> the internal network and have it accessible from the outside world. Can I
> do this? What changes do I need to make to the gateway? Thanx, Ed Lauman
>
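
An added example, not part of the original message: a small Python script that parses rdr rules of the form shown above and lists which internal services an ipnat.conf exposes on the external interface, so every forwarded port can be reviewed. The service-name table and the sample configuration (including its map line) are constructed for illustration.

```python
import ipaddress
import re

# Small stand-in for /etc/services (constructed; extend as needed).
SERVICES = {"http": 80, "https": 443, "ssh": 22, "smtp": 25}

# Matches the rule form used in the message:
#   rdr <if> <addr/mask> port <p> -> <host> port <p> <proto>
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<ext>\S+)\s+port\s+(?P<eport>\S+)"
    r"\s*->\s*(?P<host>\S+)\s+port\s+(?P<iport>\S+)\s+(?P<proto>\S+)\s*$"
)

def port_number(token):
    """Resolve a numeric port or a service name such as 'http'."""
    if token.isdigit():
        return int(token)
    if token in SERVICES:
        return SERVICES[token]
    raise ValueError(f"unknown service name: {token}")

def parse_rdr(line):
    """Return a dict describing an rdr rule, or None for any other line."""
    m = RDR_RE.match(line.split("#", 1)[0].strip())
    if m is None:
        return None
    return {
        "ifname": m["ifname"],
        "external": m["ext"],
        "ext_port": port_number(m["eport"]),
        "host": str(ipaddress.ip_address(m["host"])),  # rejects malformed targets
        "int_port": port_number(m["iport"]),
        "proto": m["proto"],
    }

def exposed_services(conf_text, external_if):
    """Unique (proto, external port, internal host, internal port) on external_if."""
    rules = (parse_rdr(line) for line in conf_text.splitlines())
    return sorted({(r["proto"], r["ext_port"], r["host"], r["int_port"])
                   for r in rules if r and r["ifname"] == external_if})

# Constructed sample: one map rule plus both rdr spellings from the message.
SAMPLE_CONF = """\
map ae1 192.168.1.0/24 -> 0/32
rdr ae1 0/0 port 80 -> 192.168.1.10 port 80 tcp
rdr ae1 0/0 port http -> 192.168.1.10 port http tcp
"""

if __name__ == "__main__":
    for proto, eport, host, iport in exposed_services(SAMPLE_CONF, "ae1"):
        print(f"{proto}/{eport} on ae1 -> {host}:{iport}")
```

The numeric and named spellings of the rule collapse to a single exposed service, which makes duplicate or forgotten forwards easy to spot when reviewing a gateway's configuration.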