Both rules given as example need dynamic NAT, i.e. the number of IPs on each side is not equal. This has not been implemented; reasons have been given in the NAT document. For the connection outside->inside host port forwarding with one of the existing solutions (or possibly even using ssh port forwarding on the router) is a good (possibly even better) alternative, because it happens on a higher layer than NAT, so no special kernel code is needed without losing any functionality. I've noticed that many people want to use NAT for this, enabling outside->inside connections, but I'd say that generally NAT hasn't been designed for that purpose; use port forwarding instead. While it can be done, it's not desirable for a variety of reasons. Sorry for the late response, but I intended to lean back and just watch this forum. Doesn't work.