  #77  
Old 7th Jan 02, 05:21 PM
Crowdirt
Hi Chiller, OK, let's take a look at the parts to this puzzle. I will use Linksys as an example; other companies do basically the same things. Linksys has available now:

4-5 Port Switches
4-8 Port NAT/Routers (Firewall/Routers)
4 Port VPN/Routers

Most Broadband Cable Providers allow one "Routable" IP# for the Modem to connect to the Net with.

If you use a Switch behind the Modem then only one of the computers connected to the Switch can use the Routable IP (e.g. 24.51.x.x). Other computers connected to the Switch could use Non-Routable IPs (e.g. 192.168.x.x) to talk to each other as an internal LAN.

If you use a NAT/Router behind the modem then what happens is the NAT/Router takes the Routable IP. The box has a DHCP function in it to assign Non-Routable IP#'s to the computers connected to it. This is not really needed; you could assign numbers manually too.

Other things the box does are basically a function of NAT which cannot be removed from the box. If you removed NAT from the box then it would simply work the same as a Switch.

The NAT stuff will allow net traffic to be routed to one computer without any restrictions, that's the DMZ thingy. All other computers that are using Non-Routable IP#'s have their net traffic restricted in various ways. A few functions are allowed to work, such as Surfing and E-Mail. NAT accomplishes these Restrictions by changing the IP# from the Routable one to Non-Routable ones as needed. The Box lets you set some "Ports" to pass through without Restrictions to a particular Non-Routable IP# (Particular machine).

So if you allowed "ALL" Ports to be open that would reduce the "Firewall" effect to a minimum for a particular machine. Also if you "Opened" a "Range" of Ports (1-10000) for a "Range" of Non-Routable IP#'s (192.168.1.2-192.168.1.100) for the most part the "Firewall" function will "GO Away".

Have not had a chance to try this just yet. I would like to know, along with quite a few others, if this actually "Works".

If you use the "New" VPN/Router behind the modem then things are different again. From the description on the Linksys Website the Box does not appear to use NAT. It does however add "Encryption" to the Net connection and Requires a Specific Configuration at the other end (Server) to talk to. This approach seems to only connect to "Selected" sites, all others are Locked Out, and I suspect that is not what you want to do.
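A simplified model of the inbound decisions the post describes (reply traffic, forwarded ports, the DMZ host), added here as an illustration; it is not part of the original post and is not Linksys firmware. The class and function names, the sample addresses and the rule that a reply must come from the same remote endpoint are assumptions of this sketch.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class NatRouter:
    wan_ip: str                                    # the single routable address
    forwards: dict = field(default_factory=dict)   # (proto, wan_port) -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)   # (proto, wan_port) -> (lan_ip, lan_port, remote)
    dmz_host: Optional[str] = None
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN host connects out; the source is rewritten to wan_ip:wan_port."""
        wan_port, self.next_port = self.next_port, self.next_port + 1
        self.sessions[(proto, wan_port)] = (lan_ip, lan_port, remote)
        return (self.wan_ip, wan_port)

    def open_range(self, proto, first, last, lan_ip):
        """Forward a port range. Each (proto, port) key holds exactly one LAN
        host, so a later rule for the same port replaces the earlier one."""
        for port in range(first, last + 1):
            self.forwards[(proto, port)] = (lan_ip, port)

    def inbound(self, proto, remote, wan_port):
        """Verdict for a packet arriving on the WAN side."""
        sess = self.sessions.get((proto, wan_port))
        if sess and sess[2] == remote:             # reply to an outbound session
            return ("reply", sess[0], sess[1])
        if (proto, wan_port) in self.forwards:     # explicit port forward
            return ("forward",) + self.forwards[(proto, wan_port)]
        if self.dmz_host:                          # everything else goes to the DMZ host
            return ("dmz", self.dmz_host, wan_port)
        return ("drop", None, None)                # unsolicited traffic is discarded

def demo():
    """Walk the cases from the post using constructed sample addresses."""
    r = NatRouter("203.0.113.10")
    web, stranger = ("198.51.100.7", 80), ("198.51.100.9", 4444)
    wan = r.outbound("tcp", "192.168.1.2", 51000, web)
    out = {"reply": r.inbound("tcp", web, wan[1]),
           "unsolicited": r.inbound("tcp", stranger, 80)}
    r.open_range("tcp", 1, 10000, "192.168.1.2")
    out["after_range"] = r.inbound("tcp", stranger, 80)
    out["above_range"] = r.inbound("tcp", stranger, 20000)
    r.dmz_host = "192.168.1.3"
    out["with_dmz"] = r.inbound("tcp", stranger, 20000)
    return out

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:12} {verdict}")
```
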