@mary said in Network Address Translation - CompTIA Network+ N10-007 Prof Messer:

Is there any kind of slowdown when using just one port if you are getting a lot of traffic?

No not really. The most commonly used ports are 80 and 443. They process quite a bit of traffic on your average workstation.

In fact, most servers are designed to work with a single port or just a handful of ports open. For custom applications using a specific port makes it easier to troubleshoot issues and restricts non application traffic. Many apps are defaulting to 443 these days. Although, keep in mind SSL /TLS can operate on other ports.

@dbeato said in Sonic Wall Rules?:

@WrCombs said in Sonic Wall Rules?:

@dbeato said in Sonic Wall Rules?:

@WrCombs said in Sonic Wall Rules?:

I created Ip objects, put to a group and set the Other network to be able to view those IP's and only those IPs.

Is that correct?

That is the way it works on Sonicwalls... been using them since 2007...

fantastic, Hopefully I set it up correctly then

Well, you can show a screenshot, or use the cli too but we need to see to be 100% sure, and then you need to test. Test is always a good practice.

Testing is going to happen today as soon as I get the time to walk up front.
Hella busy right now.

@scottalanmiller said in Public STUN servers:

I tend to use:

stun.stunprotocol.org

This one.

Made no configuration changes to the firewall tonight. Shutdown FreePBX VM, made a new one, and stuff seems to be working as it should. I'll do a few more tests tomorrow to make sure all is well.

Edit: I lied. I made a new DHCP reservation for my new FreePBX server.

@scottalanmiller said in NAT and Port Forwarding:

@jaredbusch said in NAT and Port Forwarding:

@scottalanmiller said in NAT and Port Forwarding:

@jaredbusch said in NAT and Port Forwarding:

The downside to port forwarding is that it only goes to your primary IP

Yeah, that can be very limiting. Seems like that would be easy to expand on their side.

Does VyOS have this feature?

I always use VyOS directly from the config files, so not sure.

set port-forward

hit tab.

@eddiejennings said in Traffic not flowing for hosts behind NAT - Edge Router Lite:

@dbeato said in Traffic not flowing for hosts behind NAT - Edge Router Lite:

@eddiejennings said in Traffic not flowing for hosts behind NAT - Edge Router Lite:

Take 3 is a partial success. All hosts except the IIS host has full Internet connectivity. The IIS host is accepting web and FTP traffic (so NAT's doing its job now :D); however, I can't ping outside my local network, and it can't resolve DNS.

So what is the DNS Server on that Server?

Same as all of the other servers that could resolve DNS. The issue was forgetting to reconfigure the source NAT rule.

Makes sense now!

@scottalanmiller said in Meraki MX400 NAT Question:

@dafyre said in Meraki MX400 NAT Question:

The team that is there now are the ones that have to convince the bean counters of the need to change.

It's a tiny cost though, right? We are only talking about a minuscule investment, I think. If it saves a few hours of effort, doesn't that cover the cost?

No you are not. You are neglecting to add in the labor costs and only calculating on the hardware costs.

Physically changing everything will add labor cost. Ordering, configuration, staging, installation.

Yes, something else is cheaper. But not as cheap as you try to make it sound.

The existing solution is in place and already paid for. A simple support call resolved the configuration issue. There is no reason to spend additional capital to change a working solution until you have to plan for new spend on the solution.

If the existing solution was actually not functional, or some other factors were in play to offset things, then it would certainly be worth switching solutions.

Yeah, WTF?

Are you connecting a permanent IPSEC tunnel with some other network you do not control?

Bridging issue solved, kind of a Late-Friday-Problem: Promiscuous mode was turned on, but on the wrong interface - the DMZ facing one.

It worked instantly the second I switched it off on the DMZ and instead turned it on on the target network interface.

How to turn on MAC spoofing / Promiscuous mode on Hyper-V using PowerShell

Get-VM -Name XXXXX | Get-VMNetworkAdapter | Where-Object { $_.MacAddress -eq "XXXXXXXX" } | Set-VMNetworkAdapter -MacAddressSpoofing On

@JaredBusch said in VyOS Port Address Translation for HTTPS:

@scottalanmiller said in VyOS Port Address Translation for HTTPS:

Got it working. The firewall rule was in the wrong section of the firewall.

You had it on eth0 local instead of eth0 in?

Yuppers.