Changes


SRT210 Lab 3

1,213 bytes added, 13:04, 21 January 2019
PART 2: NAT
* Don't just run those commands blindly - understand what they do.
* Try accessing your c7host from a web browser again. You should see the web page from your lin1 web server.
 
== NAT as a security tool ==
 
Note that there is plenty of nonsense on the internet, and lots of Google results will tell you that NAT is absolutely definitely not supposed to be used for securing systems online. Use your own brain to make your own decisions. I encourage you to ignore loud proclamations of fact that are missing any specific technical explanation and real-world examples.
 
A machine on a private subnet is not addressable from the internet. So out of the box you don't need to worry about port scans, brute-force attacks, and services that were running by default that you didn't know about or didn't pay attention to.
 
In order to allow access to a machine on a private subnet you have to make a whitelist on the router, with every explicit service that's supposed to be accessible on your internal machine. All things being equal, a whitelist provides a greater level of security than a blacklist.
 
And at the end of the day, if you screw up the setup of your router, the worst thing that will happen is that your internal service will be inaccessible. From a security point of view that is much better than a screwup with a firewall, which can make ''everything'' accessible to ''everyone''.
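 
One way to check what the router's whitelist actually exposes is to list its DNAT rules and compare them with the services you meant to publish. This is an added example, not part of the original lab; the interface name, the internal address 192.168.210.11 and the ports in the sample rules are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a NAT router's port-forward whitelist.
# Input is the text printed by: iptables -t nat -S PREROUTING

# Constructed sample rules (interface, address and ports are assumptions).
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.210.11:80
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.210.11:22'

# Print "proto public_port -> internal_ip:port" for every DNAT rule on stdin.
# A rule with no -p or --dport is reported as "any": it forwards everything.
list_forwards() {
    awk '
    $1 == "-A" && /-j DNAT/ {
        proto = "any"; dport = "any"; dest = "?"
        for (i = 1; i < NF; i++) {
            if ($i == "-p")               proto = $(i + 1)
            if ($i == "--dport")          dport = $(i + 1)
            if ($i == "--to-destination") dest  = $(i + 1)
        }
        print proto, dport, "->", dest
    }'
}

# Print forwards that are not in the approved list.
# $1 is a comma-separated list such as "tcp 80,tcp 443".
# Exit status 0 means every forward on stdin is approved.
unexpected_forwards() {
    list_forwards | awk -v ok="$1" '
    BEGIN { n = split(ok, a, ","); for (i = 1; i <= n; i++) allow[a[i]] = 1 }
    { key = $1 " " $2 }
    !(key in allow) { print; bad = 1 }
    END { exit bad + 0 }'
}

# Demo on the constructed rules: only the web server is meant to be public.
echo "Forwarded services:"
printf '%s\n' "$SAMPLE_RULES" | list_forwards
echo "Not on the approved list:"
printf '%s\n' "$SAMPLE_RULES" | unexpected_forwards "tcp 80" || echo "(review the entries above)"
```

On the router itself, run it as root against the live table: <code>iptables -t nat -S PREROUTING | unexpected_forwards "tcp 80"</code>.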
= PART 3: YOUR TASKS =
