help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: NAT, and appliances...


From: Steve Brorens
Subject: RE: NAT, and appliances...
Date: Tue, 29 Nov 2005 09:35:26 +1300

I understand the arguments against NAT but in this case the client boxes
will be on customers sites - and 99.9% of them  use "internal" type DNS
naming, private IP ranges (192.168...) and NAT firewalls. In 50% or more
I won't have direct knowledge or control over the firewall configs -
will just be asking them to allow outward 5308 to the cfengine server.

If no-one else is using cfengine in anything like this environment then
I'm a bit reluctant to try :-)


 - steve



-----Original Message-----
From: Mark Burgess [mailto:address@hidden 
Sent: Monday, 28 November 2005 6:46 p.m.
To: Tim Nelson
Cc: Steve Brorens; address@hidden
Subject: Re: NAT, and appliances...



Clearly NAT is a reduction of the full network repertoire. Some people
mistakenly associate this with an increase in security. I would rather
say it is a lack of functionality. There will always be some problems
with NAT, but it also depends to some extent on how you set it up.

M

On Mon, 2005-11-28 at 11:51 +1100, Tim Nelson wrote:
> On Sun, 27 Nov 2005, Steve Brorens wrote:
> 
> > I'm looking at using cfengine to manage and monitor a number of 
> > 'appliance' type boxes on a range of sites, but I'm concerned that I

> > may have probelms with NAT and DNS issues,
> >
> > Anyone used cfengine where:
> >
> > - the managed systems are behind NAT-type firewalls
> > - DNS may be 'odd' (they're Linux systems configured onto Windows 
> > networks, and their DNS names might be someting like 
> > box.internal.acme.com or box.local or box.acme.local - conventions 
> > at different customers will differ
> >
> > Is this likely to cause problems?
> >
> > How best to avoid probs?
> 
>       Well, it would probably be a good idea to ask the same question
on
> the network-automation list :).
> 
> _______________________________________________
> Help-cfengine mailing list
> address@hidden 
> http://lists.gnu.org/mailman/listinfo/help-cfengine

=========================================================


This e-mail has been scanned for Viruses and Content and cleared by CommArc 
Cube Server




reply via email to

[Prev in Thread] Current Thread [Next in Thread]