Firewall/NAT and importing outside interface

[G B <g_patrickb@yahoo.com>]

[-- Attachment #1: Type: text/plain, Size: 1466 bytes --]

I ran across this old post by Dave Presotto when someone inquired about Plan 9 as a firewall:
If you have multiple Plan 9 machines, you can use one as an inside/outside 
 machine and just import it's outside interface onto the inside 
 machines.  For example, this is how we configure our outside interface. 
 

        # second ethernet to serve the outside IP 
         echo starting ether 1 to the outside 
         bind -b '#l1' /net.alt 
         bind -b '#I1' /net.alt 
         ip/ipconfig -x /net.alt -g 204.178.31.1 ether /net.alt/ether1 204.178.31.2 255.255.255.0 
         ndb/cs -x /net.alt -f /lib/ndb/external 
         ndb/dns -sx /net.alt -f /lib/ndb/external 
         aux/listen -d /rc/bin/service.alt -t /rc/bin/service.alt.auth /net.alt/tcp 
         aux/listen -d /rc/bin/service.alt /net.alt/il 
 

Then you can import that interface to inside machines. 
 

        import achille /net.alt /net.alt 
 
This has the advantage of letting you announce nothing on the outside so that 
 you don't have to worry about attacks.  You can do anything you want on the 
 inside and packets can't get out. ************** 

If one is running a mail server and has it inside their firewall and if using one IP then t has to use NAT. Couldn't one presumeably use the setup above and run a mail server on Plan 9 and bypass having to use NAT?  And also do the same thing for a web server?


[-- Attachment #2: Type: text/html, Size: 2196 bytes --]