07-24-2006 05:20 AM - edited 03-05-2019 12:00 PM
I was wondering if you have a private network that is behind a NAT router, or being assigned an address via DHCP, or is behind a proxy, can other computers from the public network (Internet) initiate communication with any private network computers?
07-24-2006 05:43 AM
Hi
This is an example of forwarding a web server from inside.
(1) Have you already enabled NAT? If not, then the commands are:
int s0
ip nat outside
int e0
ip add x.x.x.y 255.255.255.0
ip nat inside
access-list 1 permit x.x.x.0 0.0.0.255
ip nat inside source list 1 interface s0 overload
(2) The port forwarding is done as follows:
ip nat inside source static tcp x.x.x.z 80 x.x.x.a 80 extendable
Please rate helpful posts.
Regards
JD
07-24-2006 06:47 AM
Thanks for replying, but that's not really what I'm asking. I am curious if it's possible for a public host to initiate communication with a private host, if the private host is either:
1) behind a NAT router
2) behind a proxy server
3) using DHCP in a private LAN.
07-24-2006 06:56 AM
Hi
(1) That is what I have assumed. Say you have a web server 192.168.1.1 in your network 192.168.1.0. You are using NAT/PAT to access the internet and your single point exit IP is 10.0.0.1.
Now if a person from outside needs to access your web server, then with my config he will enter 10.0.0.1 in his web browser. But since I have forwarded port 80 to my 192.168.1.1, the request for port 80 will be forwarded to 192.168.1.1. This is port forwarding.
(2) Behind a proxy server is also possible through the above.
(3) If you use DHCP, then it's not possible unless you have bound that IP to that MAC, because you need to define an IP in the port forwarding.
Am I making myself clear?
Regards
JD
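An added illustration (not part of any poster's reply and not Cisco code): a toy Python model of the PAT router described above, using the thread's 192.168.1.1 and 10.0.0.1 addresses, showing which inbound packets find a translation and which are dropped. The class, the other addresses and the port pool are constructed, and matching dynamic entries on the remote endpoint is a simplifying assumption; real devices differ in how strictly they filter.

```python
from dataclasses import dataclass, field

PUBLIC_IP = "10.0.0.1"  # single exit address used in the thread

@dataclass
class PatRouter:  # hypothetical model, not a real router API
    public_ip: str
    static: dict = field(default_factory=dict)   # (proto, public_port) -> (inside_ip, inside_port)
    dynamic: dict = field(default_factory=dict)  # (proto, public_port) -> (in_ip, in_port, peer_ip, peer_port)
    next_port: int = 1024                        # constructed start of the dynamic port pool

    def add_static(self, proto, inside_ip, inside_port, public_port):
        """Models the static port forward ('ip nat inside source static tcp ...')."""
        self.static[(proto, public_port)] = (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a flow; the router allocates a public port (overload)."""
        port = self.next_port
        self.next_port += 1
        self.dynamic[(proto, port)] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Return the inside (ip, port) the packet is delivered to, or None if dropped."""
        key = (proto, dst_port)
        if key in self.static:                       # static forward: anyone may initiate
            return self.static[key]
        entry = self.dynamic.get(key)
        if entry and entry[2:] == (src_ip, src_port):  # reply from the contacted peer only
            return entry[:2]
        return None                                  # no translation entry: dropped

def demo():
    r = PatRouter(PUBLIC_IP)
    r.add_static("tcp", "192.168.1.1", 80, 80)       # the web server from the thread
    # Constructed inside client and documentation-range outside hosts.
    pub = r.outbound("tcp", "192.168.1.50", 40000, "203.0.113.7", 443)
    return {
        "forwarded_web": r.inbound("tcp", "198.51.100.9", 51000, 80),
        "reply": r.inbound("tcp", "203.0.113.7", 443, pub[1]),
        "unsolicited": r.inbound("tcp", "198.51.100.9", 51000, 3389),
        "wrong_peer": r.inbound("tcp", "198.51.100.9", 51000, pub[1]),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```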
07-24-2006 07:03 AM
Oh, I see now :) Yes, it does make sense that port forwarding could be used in this situation. What does the "extendable" command do?
How about if you wanted to ping the webserver from the public network? I've read that ICMP is a "pure" layer three protocol with no higher level support (i.e., no port number). Is there any way to ping the inside?
07-24-2006 08:47 PM
Hi
The extendable keyword allows the user to configure several ambiguous static translations, where ambiguous translations are translations with the same local or global address.
Regards
Jd
07-26-2006 02:01 AM
OK, but if:
- we don't have a public server in our LAN
- we use NAT
- all TCP/UDP router servers (telnet, web, SNMP, ...) are down in the router,
can we say that our LAN is secured from the internet and we don't need a firewall?