I was asked to share a public IP with one of our business partners, so that he can allow access to one of his application servers through that public server.
I shared the IP of my firewall. All my internal network is PATed to that.
The public IP on my firewall was x.y.z.173/28.
Now what he did was allow my subnet ID, i.e. x.y.z.160, for the same, and I was able to access his server from my internal network.
1. Did he allow the whole range of my public IPs from 161-174?
2. If he asked for my external IP, does that mean it was x.y.z.173 (as all my internal network is PATed to that IP)? If he had allowed 173 only, even then my connection would have worked from my internal network.
3. Even though I am not able to ping the subnet ID, how does it forward the traffic? Exactly how is traffic flowing from the internal network? To the best of my knowledge, the internal IP gets converted to the public one on the firewall interface and is then pushed to the router LAN and its serial (WAN, something like a.b.c.114/30) and to the ISP through the modem (a.b.c.113/30). Where does the role of x.y.z.160 come in?
I am a little confused.
1) If your partner has allowed the subnet .160 - then ANY of your IP addresses will be able to connect. If he only allows 1 IP address, the IP address of your firewall outside interface - you will be able to connect. Either way it will work.
2) If you want someone to access a server in your internal LAN behind the firewall, you have 2 choices:
- Allow based on TCP/UDP port and use the outside firewall IP address = Port Forwarding.
- Assign a specific static 1 to 1 NAT external IP address in your range to specifically allow external users to connect to your server = Static 1:1 NAT
Let me clear something up for you - IP routing is based on a PHB = Per Hop Basis. Any routing device must have an idea of where a source/destination IP address is in relation to itself. So a routing device MUST be connected via IP to the device it is routing to, or connected to a device that knows how to get to the IP address beyond it.
Static/dynamic routing - with both you always HAVE to know the next hop = 1 hop away.
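Added example, not part of the original thread: a small audit of the two source allow-rules discussed above (the whole /28 versus only the firewall's outside address), showing how many source addresses each one admits beyond the single PAT address. The 203.0.113.x addresses are constructed stand-ins for x.y.z, and `audit_rule` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample: 203.0.113.0/24 (a documentation range) stands in for the
# thread's x.y.z prefix; .173/28 is the firewall outside address from the question.
FIREWALL_OUTSIDE = ipaddress.ip_interface("203.0.113.173/28")


def audit_rule(rule, pat_ip=FIREWALL_OUTSIDE.ip):
    """Report what a source allow-rule (hypothetical partner-side entry) admits."""
    # strict=True rejects entries with host bits set, such as 203.0.113.173/28.
    net = ipaddress.ip_network(rule, strict=True)
    # Usable host addresses; for a /32 fall back to the single address itself.
    hosts = list(net.hosts()) or [net.network_address]
    return {
        "rule": str(net),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "permits_pat_ip": pat_ip in net,
        # Sources admitted besides the one address traffic is actually PATed to.
        "extra_sources": len(hosts) - (1 if pat_ip in hosts else 0),
        # For a /28 the subnet ID only names the block; it is not a host address.
        "network_id_is_host": len(hosts) > 1 and net.network_address in hosts,
    }


if __name__ == "__main__":
    print("subnet ID of", FIREWALL_OUTSIDE, "is", FIREWALL_OUTSIDE.network)
    for rule in ("203.0.113.160/28", "203.0.113.173/32"):
        print(audit_rule(rule))
```

Both rules permit the PAT address, but the /28 rule also admits 13 other addresses in the block, while the /32 rule admits none.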