[Linux-bruxelles] RE: [Linux-bruxelles] web server problem with a SpeedTouch 510 modem (dynamic IP, DNS at dyndns.org)

Rusinsky Stanislas Herman W. A. rusinskystanislas at yahoo.fr
Thu 5 Feb 15:05:25 CET 2004


Thanks for all the replies.

> NAT only allows a bidirectional communication to be opened from your
> network towards the internet. An outside machine cannot open a
> communication with a machine inside the NAT.

I agree with that

> For that there is port forwarding, which lets the machine handling
> the NAT (your modem) hand over to one and only one machine on your
> network (for a given port) to accept outside
> communications.

according to the modem's manual, it seems to support several
'ways' of doing this, cf. the page I C-x-C-v'ed at the end of this mail

> Check whether you have an option for doing port
> forwarding.. You need to forward your port 80 to your web server. Maybe
> also ?443? if you use HTTPS.

That is what they call NAPT in the Thomson help.
For now I am trying with port 80 first (443 will be for
later).
I tried with the NAPT 'Default Server' option, then with a
'NAPT entries' entry alone, then the two combined...

No success. With a command line I think I could have done it, given
that I have already managed a network with NAT, firewall, DMZ, etc.

copy of the Thomson 510 help:
-----------------------------

Network Address and Port Translation

Network address (and Port) translation (NAPT) is a technique used to
share one IP address amongst several computers. For most common
applications, enabling NAPT on a specific interface is adequate. From
then on, all clients behind the NAPT router automatically share the same
IP address. To run a server behind a NAPT router, extra configuration is
needed. On the NAPT page, you can specify these settings. 

The NAPT web page contains four tabs: 

      * NAPT Entries
      * Multi-NAT Entries
      * Default Server
      * UPnP

NAPT Entries
For outgoing connections, NAPT entries are created dynamically whenever
information migrating through this connection tries to reach a foreign
host. For incoming connections however this is not done, mainly for
security reasons, so therefore the NAPT entries table allows you to
specify static NAPT entries. A static NAPT entry will redirect all
incoming connections on a specified address/port to an address/port in
the local network.

The SpeedTouch 500Series can have multiple IP addresses, therefore you
can specify the IP address in the Outside IP box on which to perform
NAPT, and the Outside port. Using 0.0.0.0 as outside IP address causes a
template to be created, which will be valid for every one of the
SpeedTouch 500Series' NAPT enabled IP addresses established AFTER the
creation of the template. In the input boxes 'Inside IP' and 'Inside
PORT' you can specify the local machine and port to which traffic needs
to be redirected.

The Protocol selection box is used to specify the protocol of the
traffic expected to be received on the inside IP:PORT. Keep in mind that
the Inside and Outside Ports only need to be specified for the TCP and
UDP protocols. All other protocols don't need a port to be specified.

Notice that saving static NAPT entries could be a problem if you work
with dynamic IP addresses (for example, if you use a PPP link to connect
to the internet, then the SpeedTouch 500Series will get a different IP
address every time you establish a connection). In this case the only
way to be able to save your settings is to use a template, so that you
don't have to specify which SpeedTouch 500Series IP address to use.


Multi-NAT Entries
The Multi-NAT Entries table allows you to overview and add/delete
network address mappings from inside (local) IP address (ranges) to
outside (public) IP address (ranges).

While with Static NAPT entries both Network Address Translation as Port
Translation (hence NAPT) is performed, Multi-NAT entries only perform
network address translation leaving source and destination ports
untouched.


Default Server
It is possible to specify a default server. All incoming connections
will be forwarded to the IP address specified here. This setting should
be adequate for most server applications.


UPnP
UPnP also provides NAPT Traversal: UPnP aware applications on a PC will
automatically create NAPT entries on the SpeedTouch 500Series for
incoming ports it needs. As a consequence these applications are able to
traverse the SpeedTouch 500Series NAPT engine without the need for extra
configuration: no NAPT algorithms - the so called NAPT Helper
applications - are needed or activated. NAPT entries created by UPnP
will be created as templates.

For security reasons you are able to configure the UPnP policy towards
Windows XP and UPnP aware applications and Operating Systems. Select:

      * Full
        Unlimited UPnP operation between a host running Windows XP and
        the SpeedTouch 500Series.
        All UPnP-based communication between any local host and the
        SpeedTouch 500Series is allowed. 
        A local host is: 
              * Allowed to connect/Disconnect the SpeedTouch 500Series
                Internet Gateway connection. 
              * Allowed to add/delete NAPT port mappings for any
                host/application.
      * Secure
        Limited UPnP operation between a host running Windows XP and the
        SpeedTouch 500Series.
        UPnP-based communication between a local host and the SpeedTouch
        500Series is limited, and host-specific restricted.
        A local host is: 
              * NOT allowed to connect/disconnect the SpeedTouch
                500Series Internet Gateway connection. 
              * Allowed to add/delete NAPT port mappings only for its
                own IP address, not for other local hosts.
      * Off
        All UPnP support is disabled on the SpeedTouch 500Series.
        UPnP-based communication between a local host and the SpeedTouch
        500Series is not possible.
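
Added example, not part of the original mail or of the SpeedTouch firmware: a small Python model of the incoming-connection lookup the help text describes, showing why a static entry bound to a fixed outside IP stops matching after a dynamic-IP reconnect while a 0.0.0.0 template keeps working, and how much more a Default Server exposes than a single port-80 entry. The addresses, the probed port list and the precedence (static entries before Default Server) are assumptions, and the template is modelled simply as matching whatever the current WAN address is.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ANY_IP = "0.0.0.0"  # outside IP that the help text says creates a template


@dataclass(frozen=True)
class NaptEntry:
    proto: str         # "tcp" or "udp"
    outside_ip: str    # a fixed WAN address, or ANY_IP for a template
    outside_port: int
    inside_ip: str
    inside_port: int


def translate(entries, default_server: Optional[str], wan_ip: str,
              proto: str, dst_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
    """Return the inside (ip, port) for an incoming packet, or None if dropped.

    Assumed precedence (not stated in the help text): static entries first,
    then the Default Server, otherwise no translation.
    """
    if dst_ip != wan_ip:
        return None  # not addressed to the router's current WAN address
    for e in entries:
        ip_ok = e.outside_ip in (ANY_IP, wan_ip)
        if ip_ok and e.proto == proto and e.outside_port == dst_port:
            return (e.inside_ip, e.inside_port)
    if default_server is not None:
        return (default_server, dst_port)  # every unmatched port is forwarded
    return None


def exposed_ports(entries, default_server, wan_ip, proto="tcp",
                  ports=(22, 80, 443, 3306)):
    """List which of the probed ports reach an inside host."""
    return [p for p in ports
            if translate(entries, default_server, wan_ip, proto, wan_ip, p)]


# Constructed sample values (RFC 5737 documentation addresses for the WAN side).
WEB = "192.168.1.10"
OLD_WAN, NEW_WAN = "203.0.113.7", "203.0.113.99"
fixed = [NaptEntry("tcp", OLD_WAN, 80, WEB, 80)]      # bound to one WAN IP
template = [NaptEntry("tcp", ANY_IP, 80, WEB, 80)]    # 0.0.0.0 template

if __name__ == "__main__":
    print("fixed entry after reconnect:", exposed_ports(fixed, None, NEW_WAN))
    print("template after reconnect:   ", exposed_ports(template, None, NEW_WAN))
    print("default server only:        ", exposed_ports([], WEB, NEW_WAN))
```

With a Default Server set, every probed port reaches the inside host, so the web server's own firewall becomes the only filter; a single template entry for port 80 keeps the exposure to that one service.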




