FreeIPA clients behind NAT - will it cause issues?
I have a situation where I need to set up a few IPA-clients behind NAT while the IPA server resides outside this NAT.
Since the IPA-server is outside the NAT:ed network, there will be a potential diff since one server has 1 internal IP and 1 NAT:ed IP as seen from the outside NAT.
Diagram:
[Active Directory] <--- [IPA Server] <--- [NAT:ed IP for srvipaclient001: 10.19.6.7] <--- [router] <--- [srvipaclient001 with IP 10.5.6.7]
Which IP will the ipa server think my ipa-client srvipaclient001 has?
- IP Behind NAT: 10.19.6.7?
- The NAT:ed IP: 10.19.6.7?
All requests to the IPA server will of course come from the NAT:ed IP 10.19.6.7.
Will I run into any issues?
Will my ipa client (srvipaclient001 in this example) report 10.5.6.7 to the IPA server as this is the only IP it truly knows about?
Responses
I wouldn't advise it, as you will have to manage DNS manually. If you let the IPA manage the DNS, it will map them to IPs that are not reachable to the IPA clients.
If you manage DNS manually though, I think it shouldn't be an issue, but it doesn't scale. So if it's less than 10 boxes, go ahead. If a substantial number, expect some management pains.
