Sockets Behind The Wall

Dar Scott dsc at swcp.com
Wed Jan 21 23:54:27 EST 2004


On Wednesday, January 21, 2004, at 06:16 PM, Scott Rossi wrote:

> Can some kind soul enlighten me as to what I'm doing wrong?

Sure!

Only, I'm not clear on your setup.

Is it this?

A.
Internet ------ Firewall -----------------------------Client
                                    |
                                Server

Or this?

B.
Client -------- Internet ---------- Firewall ---------Server


Or this?

C.
Client ---- Firewall ----- Internet ----- Firewall ----Server

If it is A, your firewall (as firewall) should not be a problem.  Just 
point to the private address.

If B or C, the client will need to point to the public address of that 
server for that service.

The firewall will use NAT (network address translation) to translate 
addresses (and ports).

One form is sometimes called masquerade; it represents to the Internet 
all private addresses behind the firewall as (typically) one address 
and ports are shuffled about to accommodate collisions.  This almost 
always applies to clients behind the firewall.

Servers are handled a couple ways.  One is a fixed NAT in which a 
public address is assigned to the whole port space of a computer.  An 
address on the outside is mapped directly to a private address.  
Another method is to assign a port on the public side of the server to 
a port on the private computer.  This keeps the public addresses down.

If the server is behind a firewall, it will normally be handled one of 
those two ways.  The simple SOHO routers usually make it easier for the 
latter.  This works well for an environment that uses masquerade, even 
for a computer supplying a service.  Because of the kinds of things I 
do for customers, I usually have the first.

At my lab, I mix all of the above methods.

So, depending on the situation, you may have to fiddle with the router.

Dar Scott
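
The three NAT behaviours described in this message (masquerade, fixed one-to-one NAT, and per-port forwarding), as an added example that is not part of the original post: a toy Python model of the firewall's translation table. The `Nat` class, `build_demo`, and every address and port are hypothetical sample values; a real firewall also tracks protocol and remote endpoint per connection.

```python
# Toy model of a firewall's NAT table (added example; not a real router).
# All addresses and ports are constructed sample values (RFC 5737 / RFC 1918).
# Simplification: real NAT also keys mappings on protocol and remote endpoint.
PUBLIC_IP = "203.0.113.1"   # the one shared address used for masquerade

class Nat:
    def __init__(self):
        self.static = {}      # public IP -> private IP (fixed NAT, whole port space)
        self.forwards = {}    # (public IP, public port) -> (private IP, private port)
        self.masq = {}        # public port -> (private IP, private port)
        self.next_port = 40000

    def outbound(self, src_ip, src_port):
        """Rewrite the source of a connection leaving the private network."""
        for pub_ip, priv_ip in self.static.items():
            if priv_ip == src_ip:
                return pub_ip, src_port          # fixed NAT keeps the port
        for pub_port, priv in self.masq.items():
            if priv == (src_ip, src_port):
                return PUBLIC_IP, pub_port       # mapping already exists
        pub_port = self.next_port                # masquerade: fresh public port,
        self.next_port += 1                      # so equal source ports never collide
        self.masq[pub_port] = (src_ip, src_port)
        return PUBLIC_IP, pub_port

    def inbound(self, dst_ip, dst_port):
        """Rewrite the destination of a packet from the Internet; None = dropped."""
        if dst_ip in self.static:
            return self.static[dst_ip], dst_port
        if (dst_ip, dst_port) in self.forwards:
            return self.forwards[(dst_ip, dst_port)]
        if dst_ip == PUBLIC_IP and dst_port in self.masq:
            return self.masq[dst_port]           # reply to an outbound connection
        return None

def build_demo():
    nat = Nat()
    nat.static["203.0.113.2"] = "192.168.1.10"              # server with its own public address
    nat.forwards[(PUBLIC_IP, 8080)] = ("192.168.1.20", 80)  # server sharing the public address
    return nat

if __name__ == "__main__":
    nat = build_demo()
    print(nat.outbound("192.168.1.30", 5000))   # two clients, same source port
    print(nat.outbound("192.168.1.31", 5000))
    print(nat.inbound(PUBLIC_IP, 8080))         # forwarded to the private server
    print(nat.inbound(PUBLIC_IP, 9999))         # no mapping: dropped
```

In setups B and C the client only ever sees the public side of these mappings, which is why it has to connect to the public address and port rather than the server's private one.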





