10-21-2009 01:10 AM
I am porting a ServerIron 4G configuration to an ADX 1000 - reverse-nat is part of the configuration and I am not quite sure how it is working to be honest. Any insights available?
10-21-2009 04:20 AM
Have you checked the following:
Reverse-NAT is basically doing NAT for connections which are getting initiated by the real server itself. Some applications do require real server initiated connections and it is important to ensure that the ServerIron is going to replace the real server IPs with a virtual server IP in this case.
10-21-2009 09:32 AM
Reverse-nat does not do the port translation for all TCP/UDP ports by default. Here is an example configuration:
server real rs101 192.168.9.101
server virtual vs222 192.168.8.222
bind 32768 rs101 32768
bind 32769 rs101 32769
bind 32770 rs101 32770
Reverse-nat is enabled and it is going to translate the real server IP address 192.168.9.101 to the virtual server's IP 192.168.8.222 whenever the real server itself initiates a connection via the ServerIron to the outside world using 32768, 32769 or 32770 as the source port for its connections. The ServerIron is NOT doing reverse-nat for sessions which are not related to these ports.
The default port is a "placeholder" and you can think of it as being ALL ports (1-65535) - adding the following binding to the virtual server vs222
bind default rs101 default
is going to enable reverse-nat for ALL real server initiated connections because the ServerIron is looking for ALL potential source ports now.
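Added example, not part of the thread and not vendor code: a simplified Python model of the matching rule described in the post above, useful for checking which real-server source ports a ported config will translate and for spotting a `bind default` that widens reverse-NAT to every port. The function names are hypothetical, only numeric ports and `default` are handled, and matching on the real-server port of each binding is an assumption of the model.

```python
# Simplified model of the reverse-NAT matching described in the thread.
# Not ServerIron/ADX code; the parser covers only the lines quoted above.
CONFIG = """\
server real rs101 192.168.9.101
server virtual vs222 192.168.8.222
bind 32768 rs101 32768
bind 32769 rs101 32769
bind 32770 rs101 32770
"""

def parse_bindings(config):
    """Return {real_ip: {real_port or 'default': virtual_ip}}."""
    reals, table, vip = {}, {}, None
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["server", "real"] and len(tok) >= 4:
            reals[tok[2]] = tok[3]
            vip = None                      # leaves any virtual-server context
        elif tok[:2] == ["server", "virtual"] and len(tok) >= 4:
            vip = tok[3]
        elif tok[:1] == ["bind"] and vip:
            # bind <virtual-port> <real-name> <real-port> [<real-name> <real-port> ...]
            for name, rport in zip(tok[2::2], tok[3::2]):
                if name not in reals:
                    raise ValueError(f"bind references unknown real server {name}")
                key = "default" if rport == "default" else int(rport)
                table.setdefault(reals[name], {})[key] = vip
    return table

def reverse_nat_source(table, src_ip, src_port):
    """Source IP seen outside for a connection initiated by a real server."""
    ports = table.get(src_ip, {})
    # An explicit port binding wins; 'default' stands in for all other ports.
    return ports.get(src_port, ports.get("default", src_ip))

def audit_default_bindings(table):
    """Real server IPs whose every outbound connection is translated."""
    return sorted(ip for ip, ports in table.items() if "default" in ports)

if __name__ == "__main__":
    narrow = parse_bindings(CONFIG)
    wide = parse_bindings(CONFIG + "bind default rs101 default\n")
    for label, tbl in (("explicit ports only", narrow), ("with bind default", wide)):
        for port in (32768, 40000):
            print(label, port, "->", reverse_nat_source(tbl, "192.168.9.101", port))
        print(label, "all-port real servers:", audit_default_bindings(tbl))
```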