[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] NAT Question
- Subject: Re: [cobalt-security] NAT Question
- From: "Kim Bjork" <kb@xxxxxxxxxx>
- Date: Fri, 21 Sep 2001 08:05:08 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> Message: 3
> Date: Thu, 20 Sep 2001 09:31:20 -0400
> From: John Anderson <janderson@xxxxxxxxx>
> To: cobalt-security@xxxxxxxxxxxxxxx
> Subject: [cobalt-security] NAT Question
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> - I run Lotus Notes on a server here that is behind our firewall (the
> Qube acts as our firewall)
> - I would like to have my users be able to get to Notes from outside
the
> office, without moving the box outside the firewall.
>
> Now forgetting a minute about the whys and hows of dealing with
Notes, I
> was curious about the procedure to setup NAT.
>
> I've got a few questions:
> - would I assign another IP for this situation?
> - could I just use the same IP it's got now, and use a different port
> number?
> - could I add a dns entry so I have something like notes.ceeva.com
and
> that sends the packet to the qube, which translates it to the internal
> server?
>
> If someone could point me to a good FAQ or HOWTO I would appreciate
it.
>
I do something similar, except with a router/NAT. Should be the same
for you. Outside world would hit the Qube using a domain name/IP and
use port redirection to point to the Domino server.
externaldomainname points-to internalipaddress:port
www.mydomain.com points-to 192.168.0.xxx:1352 (Notes port)
(www.mydomain.com would be the address of your Qube)
or port 80, 25, 110 etc if using Domino for those services.
The key is that you must spend some time hardening the Domino server
for exposure to the outside world. When diligently configured, Domino
is a formidable, frontline application server. The problem is that
you're most likely running it on an NT server. ;-(
-Kim
http://www.aim-on.com