[olug] Application problem with NATing

Sam Tetherow tetherow at nicusa.com
Tue Feb 10 16:15:26 UTC 2004


I think what Jeff is getting at with the blind drop is something along 
the lines of:
   - Client needs the server to contact it (since the server is not
     visible to the outside world) so it sets the contents of
     http://www.some_host_you_control.com/serverfoo/contactme.html to
     be "1".
   - Periodically the server checks the contents of that URL; if they are
     "1" then it knows it needs to contact the client and does so.

However, since you don't have control of the server, this seems like it is
out of the question.  About your only hope is to modify the firewall so
that the client can contact the server (either by doing a straight 1 to
1 NAT from the internal server IP to some externally available IP, or by
using port forwarding on the firewall to map a specific port on an
external IP to the server's internal IP and port).  Depending on your
firewall this may or may not be trivial; with iptables it is pretty
straightforward and can even be limited to mapping only from a specific
'client' IP if you are concerned about security.

Craig Wolf wrote:
> Well, 1-1 NATing looks interesting but I will have to read it a few times to get it to sink in and make sense.  I don't know what you are hinting to me on blind-drops, since it leads to info about Ben Franklin, unless it is an electricity lesson and then you are on the money!  8)  I think that out of band signaling is a little out of my league of understanding.  I have no control over the server, just the client and the firewall for changing settings.
> Thanx for the help!!
> 
> Craig Wolf
> Linux Web Server Support
> Desktop/Network Specialist
> 402-894-6283
> 
> 
> 
>>>>jlh at cox.net 2/7/2004 >>>
> 
> 1 to 1 NAT (http://www.lug.udel.edu/articles/firewall-1to1nat/1to1nat.html)
> OR
> If the app behind the firewall/NAT is something that you have written, you
> could use a blind-drop (http://www.pbs.org/benfranklin/l3_world_spies.html)
> method to establish an out of band signal
> (http://www.iec.org/online/tutorials/ss7/topic02.html) from the client to
> the server.  I've never seen anything written about it with regards to
> computer connectivity but I've used it a number of times to overcome this
> exact problem.
> 
> In a nutshell: you set up an out of band communications link from the client
> to the server.  The server, on a regular schedule, checks for a signal
> somewhere outside the firewall, when it sees the signal it attempts to
> establish a connection with the client.  When the client wants to connect to
> the server it leaves a signal at the agreed upon "drop box" and waits for
> the server to attempt contact.  It is also possible to write a server side
> drop box monitor that does the drop box check and then tells the server to
> connect to the client.
> 
> 
> ----- Original Message ----- 
> From: "Craig Wolf" <cjwolf at mpsomaha.org>
> To: <olug at olug.org>
> Sent: Saturday, February 07, 2004 7:09 PM
> Subject: [olug] Application problem with NATing
> 
> 
> I have a program that connects back to a Unix system (this part is not that
> important).  The problem it has is that it has problems with connecting to a
> private IP behind my nat'ed firewall.  How could I fool the app into
> thinking that there IS no firewall?
> I will not be able to get too many details until Monday morning...
> 
> Any and all help/ideas would be GREATLY appreciated.
> 
> Craig Wolf
> Linux Web Server Support
> Desktop/Network Specialist
> 402-894-6283
> 
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org 
> http://lists.olug.org/mailman/listinfo/olug 
> 


-- 
------------------------------------------------------------------------
Sam Tetherow                           tetherow at nicusa.com
Director of Development
NIC Labs (PSSG)                        http://www.nicusa.com
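
The port forward limited to a single 'client' IP that the message above describes, as an added example that is not part of the original post: a shell function that prints, rather than applies, the iptables rules. The function names and all addresses and ports are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables rules for a port forward
# limited to one client IP. Function names and addresses are assumptions.

# valid_ipv4 ADDR: succeed only for a single dotted-quad address (no CIDR).
valid_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# valid_port PORT: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# port_forward_rules CLIENT_IP EXT_IP EXT_PORT SRV_IP SRV_PORT
port_forward_rules() {
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_ipv4 "$4" &&
        valid_port "$3" && valid_port "$5" || {
        echo "usage: port_forward_rules CLIENT_IP EXT_IP EXT_PORT SRV_IP SRV_PORT" >&2
        return 2
    }
    # Rewrite the destination only for packets from the one allowed client.
    echo "iptables -t nat -A PREROUTING -p tcp -s $1 -d $2 --dport $3" \
         "-j DNAT --to-destination $4:$5"
    # After DNAT the packet is addressed to the internal server: let it through.
    echo "iptables -A FORWARD -p tcp -s $1 -d $4 --dport $5" \
         "-m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    # Replies from the server back to that client only.
    echo "iptables -A FORWARD -p tcp -s $4 --sport $5 -d $1" \
         "-m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Constructed sample: client 203.0.113.10 reaches 192.168.1.20:22 via 198.51.100.5:8022.
port_forward_rules 203.0.113.10 198.51.100.5 8022 192.168.1.20 22
```

The source match on the DNAT rule is what limits the mapping to the one client; the two FORWARD rules only matter when the FORWARD chain otherwise drops traffic.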


