[ previous ] [ next ] [ threads ]
 From:  Alex Neuman van der Hans <alex at nkpanama dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] opening ports for entire network
 Date:  Sat, 25 Feb 2006 15:41:11 -0500
You need to understand how TCP/IP works a little better in order to 
understand why you can't do what you want to do.

If you need to access services inside from the outside, and you're 
sharing a single IP address, then the ipaddress:port mapping can 
correspond on a one-to-one relationship to any other ipaddress:port 
mapping on the inside.

If you have one external IP address for each address on your internal 
network you want to map services for, you can then map one publicip:port 
to one internalip:port each.

Visualize phone numbers and extensions and you have the idea. You can 
have DID, but you need a specific outside number for each extension.

Nick Smith wrote:
> is there a way to open say port 21 for my entire network, not just
> machine? then if i do ssh computer1.domain.com or computer2.domain.com
> it will actually go to each machine? as it stands now it seems i can
> only open the port per ip, so unless i run ssh on different ports on
> all the different machines which would be a real pain, now i have to
> ssh into computer1.domain.com and then from computer1 ssh into
> computer2.  is it possible to open it up for the entire network and
> use host name resolution via the dns forwarder in the m0n0wall?
> thanks
> Nick
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch


Alex Neuman van der Hans
N&K Technology Consultants
Tel. +507 214-9002 - http://nkpanama.com/