RE: NAT, and appliances...

help-cfengine

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NAT, and appliances...

From:	Steve Brorens
Subject:	RE: NAT, and appliances...
Date:	Tue, 29 Nov 2005 09:35:26 +1300

I understand the arguments against NAT but in this case the client boxes
will be on customers sites - and 99.9% of them  use "internal" type DNS
naming, private IP ranges (192.168...) and NAT firewalls. In 50% or more
I won't have direct knowledge or control over the firewall configs -
will just be asking them to allow outward 5308 to the cfengine server.

If no-one else is using cfengine in anything like this environment then
I'm a bit reluctant to try :-)

 - steve

-----Original Message-----
From: Mark Burgess [mailto:Mark.Burgess@iu.hio.no] 
Sent: Monday, 28 November 2005 6:46 p.m.
To: Tim Nelson
Cc: Steve Brorens; help-cfengine@gnu.org
Subject: Re: NAT, and appliances...

Clearly NAT is a reduction of the full network repertoire. Some people
mistakenly associate this with an increase in security. I would rather
say it is a lack of functionality. There will always be some problems
with NAT, but it also depends to some extent on how you set it up.

M

On Mon, 2005-11-28 at 11:51 +1100, Tim Nelson wrote:
> On Sun, 27 Nov 2005, Steve Brorens wrote:
> 
> > I'm looking at using cfengine to manage and monitor a number of 
> > 'appliance' type boxes on a range of sites, but I'm concerned that I

> > may have probelms with NAT and DNS issues,
> >
> > Anyone used cfengine where:
> >
> > - the managed systems are behind NAT-type firewalls
> > - DNS may be 'odd' (they're Linux systems configured onto Windows 
> > networks, and their DNS names might be someting like 
> > box.internal.acme.com or box.local or box.acme.local - conventions 
> > at different customers will differ
> >
> > Is this likely to cause problems?
> >
> > How best to avoid probs?
> 
>       Well, it would probably be a good idea to ask the same question
on
> the network-automation list :).
> 
> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org 
> http://lists.gnu.org/mailman/listinfo/help-cfengine

=========================================================

This e-mail has been scanned for Viruses and Content and cleared by CommArc 
Cube Server

[Prev in Thread]

Current Thread

[Next in Thread]

NAT, and appliances..., Steve Brorens, 2005/11/27
- Re: NAT, and appliances..., Tim Nelson, 2005/11/27
  - Re: NAT, and appliances..., Mark Burgess, 2005/11/28
- Re: NAT, and appliances..., Adam M. Dunn, 2005/11/28
- RE: NAT, and appliances..., Steve Brorens <=

Prev by Date: Re: 64bit SuSE client Not working ????
Next by Date: Nonstandard lib location & LD_RUN_PATH
Previous by thread: Re: NAT, and appliances...
Next by thread: Odd flag cut
Index(es):
- Date
- Thread