Home Help Center

using icestrom in complex(nat) network topology

walliwalli Member Qiong QingfengOrganization: Tsinghua UniversityProject: Honeynet
The topology is as following

Publisher <---> NAT Firewall <--Internet--> NAT Firewall <---> IceStorm <---> NAT Firewall <--Internet--> NAT Firewall <----> Subscriber

And I can not remove any NAT Firewall.

Can IceStorm and Glacier work together in this case?

Comments

  • matthewmatthew NL, CanadaMember Matthew NewhookOrganization: ZeroC, Inc.Project: Internet Communications Engine ✭✭✭
    To solve this problem, its simplest to divide the setup into two pieces.

    First you have the publisher -> IceStorm piece. For this case, you can either put Glacier2 between the Publisher and IceStorm, and connect to IceStorm through Glacier2. An alternative is to use PublishedEndpoints (see the "Published Endpoints" section at http://www.zeroc.com/doc/Ice-3.3.0/manual/Adv_server.29.4.html#123501 for details), to cause the IceStorm TopicManager to publish topic proxies that point at the NAT router in front of IceStorm, and NAT port forwarding so that the NAT router sends the messages to IceStorm.

    For the IceStorm -> Subscriber piece, since IceStorm cannot send messages through Glacier2 your only option is to use PublishedEndpoints on the subscriber. This causes the Subscriber to publish proxies that point at the NAT router, and NAT port forwarding so that the NAT router sends the messages to the subscriber.
Sign In or Register to comment.