Sockets Behind The Wall
Dar Scott
dsc at swcp.com
Wed Jan 21 23:54:27 EST 2004
On Wednesday, January 21, 2004, at 06:16 PM, Scott Rossi wrote:
> Can some kind soul enlighten me as to what I'm doing wrong?
Sure!
Only, I'm not clear on your setup.
Is it this?
A.
Internet ------ Firewall -----------------------------Client
|
Server
Or this?
B.
Client -------- Internet ---------- Firewall ---------Server
Or this?
C.
Client ---- Firewall ----- Internet ----- Firewall ----Server
If it is A, your firewall (as firewall) should not be a problem. Just
point to the private address.
If B or C, the client will need to point to the public address of that
server for that service.
The firewall will use NAT (network address translation) to translate
addresses (and ports).
One form is sometimes called masquerade; it represents to the Internet
all private addresses behind the firewall as (typically) one address
and ports are shuffled about to accommodate collisions. This almost
always applies to clients behind the firewall.
Servers are handled a couple ways. One is a fixed NAT in which a
public address is assigned to the whole port space of a computer. An
address on the outside is mapped directly to a private address.
Another method is to assign a port on the public side of the server to
a port on the private computer. This keeps the public addresses down.
If the server is behind a firewall, it will normally be handled one of
those two ways. The simple SOHO routers usually make it easier for the
latter. This works well for an environment that uses masquerade, even
for a computer supplying a service. Because of the kinds of things I
do for customers, I usually have the first.
At my lab, I mix all of the above methods.
So, depending on the situation, you may have to fiddle with the router.
Dar Scott
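
The three NAT arrangements described in the message above (masquerade, fixed NAT, and a single forwarded port), modelled as a small translation table. This is an added example, not part of the original post; the class name, addresses and port numbers are constructed for illustration.

```python
class Nat:
    """Toy model of a firewall's NAT table. All addresses are constructed samples."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.static = {}    # public IP -> private IP (fixed NAT, whole port space)
        self.forwards = {}  # public port -> (private IP, port) (single-port mapping)
        self.masq = {}      # public port -> (private IP, port) (outbound client flows)
        self.next_port = 40000

    def outbound(self, src_ip, src_port):
        """Masquerade: what the Internet sees as the source of a private host's packet."""
        for pub_ip, priv_ip in self.static.items():
            if priv_ip == src_ip:
                return pub_ip, src_port        # fixed-NAT host keeps its own port
        for port, flow in self.masq.items():
            if flow == (src_ip, src_port):
                return self.public_ip, port    # flow already has a mapping
        port = src_port
        while port in self.masq or port in self.forwards:
            port = self.next_port              # collision: shuffle to a free port
            self.next_port += 1
        self.masq[port] = (src_ip, src_port)
        return self.public_ip, port

    def inbound(self, dst_ip, dst_port):
        """Private (ip, port) reached by a packet from the Internet, or None."""
        if dst_ip in self.static:
            return self.static[dst_ip], dst_port
        if dst_ip == self.public_ip:
            # A real firewall also checks the remote endpoint for masq entries.
            return self.forwards.get(dst_port) or self.masq.get(dst_port)
        return None  # includes private addresses: they are not reachable from outside


def demo():
    nat = Nat("203.0.113.1")
    nat.static["203.0.113.2"] = "192.168.1.20"   # server A: fixed NAT
    nat.forwards[8080] = ("192.168.1.10", 80)    # server B: one forwarded port
    return {
        "client1": nat.outbound("192.168.1.50", 5000),
        "client2": nat.outbound("192.168.1.51", 5000),  # same source port collides
        "private": nat.inbound("192.168.1.10", 80),
        "forward": nat.inbound("203.0.113.1", 8080),
        "static": nat.inbound("203.0.113.2", 22),
        "closed": nat.inbound("203.0.113.1", 23),
    }


if __name__ == "__main__":
    print(demo())
```

The "private" result is why a client in setup B or C has to use the public address, and the "static" result shows that a fixed NAT passes every port of the host through unless the firewall filters it separately.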