I'm trying to sort out some routing questions and would like to know some good online sources for information. I learned the hard way that I know just enough to be a menace to my network, and want to become more knowledgable before I start trying anything new. Please respond with links to sites that explain IP and routing in a reasonbly simple manner, maybe with a few examples. I'm using Netware 5.1 servers and workstations with a set of local addresses (192.168.100.xxx) behind a Linksys NAT router (gateway to internet), but I would like to use assigned WAN IP's to connect from outside -- either through or around the NAT router. I suspect that if I learn about routing tables, I can go through the NAT router. I've tried bypassing it (to a second NIC in server), but I need to edit the routing table in the NAT router to prevent workstations from connecting through the WAN (it happened, and it didn't work well). I've seen a few sites that left me confused -- I'm sure there are some good sources out there. Thanks for any help you can provide.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Need help with routing tables and TCP/IP in general
- Thread starter creslan
- Start date
You can't go through NAT without doing port forwarding or 1:1 NAT. I recommend getting a good grasp on TCP/IP, some good books:
TCP/IP Network Administration by Craig Hunt (O'Reilly book) ISBN: 0596002971
The Protocols (TCP/IP Illustrated, Volume 1) by W. Richard Stevens ISBN: 0201633469
These aren't really quick reads like you asked, but you will certainly benefit from having read either of them.
There are a ton of sites out there with brief explanations, I recommend checking out the Cisco Certification and testing forum here. There are a ton of questions of this nature in there with many explanations and links.
Check out the books though!!
TCP/IP Network Administration by Craig Hunt (O'Reilly book) ISBN: 0596002971
The Protocols (TCP/IP Illustrated, Volume 1) by W. Richard Stevens ISBN: 0201633469
These aren't really quick reads like you asked, but you will certainly benefit from having read either of them.
There are a ton of sites out there with brief explanations, I recommend checking out the Cisco Certification and testing forum here. There are a ton of questions of this nature in there with many explanations and links.
Check out the books though!!
- Thread starter
- #3
Thank you. I'll check out those resources. I'm not really looking for a quick read...the problem is more that the sources I've found are brief coverage of the basics or very complicated examples. I understand the basics, but I don't have enough of a working knowledge to jump into the big stuff. I can understand it when I read it, but I can't do it. So I think I need to work through a lot of repetition and examples at the basic to moderate levels of complexity. Thanks again.
Creslan:
There are 2 (almost) seperate issues here -
1. Allowing your LAN to access the net
2. Allowing Internetters to access your servers
1 is addressed simply through using NAT...
2 is addressed by using either DMZ or 'port forwarding' -
if someone from outside your LAN wants to connect to something inside your LAN, they try to connect to your WAN IP.
This connection is normally on a pre-determined port - HTTP (i.e. web servers) normally use port 80, and FTP servers ports 21&22.
So therefore, you forward Port 80 to the LAN IP of the webserver, and Port 21 to the LAN IP of the FTP server, etc.
If the FTP server happens to be the same as the HTTP server, this isn't an issue; both ports are forwarded to the same IP.
If you put an IP in the DMZ, all the ports associated with that WAN IP are forwarded to the LAN IP - effectively, the PC appears on the net; not behind a NAT firewall. It's not very secure.
If you only have 1 WAN IP, but may need to use different webservers (e.g. you have 2 hosted domains, and but only one WAN IP), you need to use a HTTP switching service, which not only routes ports, but also routes based on URL. <marc>[ul]help us help![li]please provide feedback on what works / doesn't[/li][li]not sure where to start? click here: faq581-3339[/li][/sup][/ul][/sup]
There are 2 (almost) seperate issues here -
1. Allowing your LAN to access the net
2. Allowing Internetters to access your servers
1 is addressed simply through using NAT...
2 is addressed by using either DMZ or 'port forwarding' -
if someone from outside your LAN wants to connect to something inside your LAN, they try to connect to your WAN IP.
This connection is normally on a pre-determined port - HTTP (i.e. web servers) normally use port 80, and FTP servers ports 21&22.
So therefore, you forward Port 80 to the LAN IP of the webserver, and Port 21 to the LAN IP of the FTP server, etc.
If the FTP server happens to be the same as the HTTP server, this isn't an issue; both ports are forwarded to the same IP.
If you put an IP in the DMZ, all the ports associated with that WAN IP are forwarded to the LAN IP - effectively, the PC appears on the net; not behind a NAT firewall. It's not very secure.
If you only have 1 WAN IP, but may need to use different webservers (e.g. you have 2 hosted domains, and but only one WAN IP), you need to use a HTTP switching service, which not only routes ports, but also routes based on URL. <marc>[ul]help us help![li]please provide feedback on what works / doesn't[/li][li]not sure where to start? click here: faq581-3339[/li][/sup][/ul][/sup]
- Thread starter
- #6
Manarth, thanks for the help, but I've tried DMZ and port-forwarding through my Linksys NAT router and I just can't make it work. So I'll probably just go around it into a second NIC (already installed as a backup) on the server. I just need to access the Netware server for logging into NDS and accessing files...no FTP, no webserver.
Girth, that site looks like it might be just what I'm looking for. I haven't had much time lately, but all the help you folks have provided looks like it will get me rolling.
Thanks to all of you.
Girth, that site looks like it might be just what I'm looking for. I haven't had much time lately, but all the help you folks have provided looks like it will get me rolling.
Thanks to all of you.
- Status
Similar threads
- Locked
- Question
- Locked
- Question