4.4 Firewalls and NATs
Firewalls and Network Address Translators (NAT) can be a problem for
addressing. Suppose you have a firewall and with a private IP-range
behind the firewall. You want to update the nodes from a central
host. You can do a two stage configuration: first update the firewall and
then update from the firewall to the nodes.
But suppose you already use SNAT (Source Network Address Translation) and DNAT
(Destination ...) for the nodes. With DNAT you can say that socket 22000
on the firewall is routed to host-name:5308. DNAT gives us the
possibilty to update the nodes from a central server in one step instead
If the port command is given cfrun uses this to connect to the client
instead of the default (5308) one.
Here is an example (`cfrun.hosts'):
This connects to: 1) node1 with standard port, 2) node2 with port 22000 and extra options -DNis
and, 3) node2 with port 22000.