question on NAT box

ceaser
Topic Author
Offline
New Member

14 years 6 months ago #32425 by ceaser

question on NAT box was created by ceaser

Why is it that an HTTP Client (eg Mozilla, Firefox ) works very well behind a NAT box but a webserver does not?

Kajitora
Offline
Junior Member

14 years 6 months ago #32426 by Kajitora

Replied by Kajitora on topic Re: question on NAT box

Ceaser,

I am making the assumption that you are talking about a many to one(You have one public ip address that many computer use to talk to the internet). Its all about which way the connection is coming from. Let me give an example.

Assume the following:
(PC) - > (Private)(Router W/NAT)(Public) - > Website

So your PC, with a private Ip address gos to talk to the website. It sends the packet to your router which then records that conversation in its translation table and drops the private ip address to replace it with its public one. It uses the Source port on the packet to keep track of it.

Lets now reverse

(Webserver) <- (Private)(Router W/NAT)(Public) <- (PC)

Your PC still needs to talk to the Public Ip address of the router, but when the router receives the packet it does not know which Private IP address to send it to.

But you are not with out a solution! You can use port forwarding on your router to forward any traffic with the destination port of 80 (HTTP) to the private ip address of your webserver. This normally works pretty well for me. If you need assistance let us know what kind of hardware you are using and we can advice further.

itgamers.blogspot.com

S0lo
Offline
Moderator

14 years 6 months ago #32427 by S0lo

Replied by S0lo on topic Re: question on NAT box

It can work very well for a web server too, but it requires a port/IP forwarding configuration (which usually doesn't come by default). Once it's configured correctly it can work smoothly.

I might have misunderstood your question, if so, please explain ceaser.

Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

katzebnt
Offline
New Member

14 years 5 months ago #32729 by katzebnt

Replied by katzebnt on topic DMZ works as well...

It can work very well for a web server too, but it requires a port/IP forwarding configuration (which usually doesn't come by default). Once it's configured correctly it can work smoothly.

I might have misunderstood your question, if so, please explain ceaser.

Agree with S0lo, port forwarding works well. You can also put your server in the router's DMZ. Be warned though that you're really putting your server out in the open, be sure to enable firewall, virus protection if necessary, etc. Hope this helps as well.