Date: Wed, 20 Sep 2000 00:40:20 -0700
From: "Crist J . Clark" <cjclark@reflexnet.net>
To: Kanji T Bates <bates@jurai.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: internal to internal via natd extenal redirect_port
Message-ID: <20000920004020.V367@149.211.6.64.reflexcom.com>
In-Reply-To: <Pine.BSF.4.21.0009200138140.89155-100000@sasami.jurai.net>; from bates@jurai.net on Wed, Sep 20, 2000 at 02:37:42AM -0400
References: <Pine.BSF.4.21.0009200138140.89155-100000@sasami.jurai.net>
On Wed, Sep 20, 2000 at 02:37:42AM -0400, Kanji T Bates wrote:
> I'm having great difficulty trying to get any of my internal machines to
> talk to services handled via a natd redirect_port even though boxes coming
> at me from my external interface have no problems whatsoever.
>
> Is there anyway for me to get around this so that I could (for example)
> have box 10.10.10.10 could reach the web server running on 10.10.10.20 via
> the nats external IP of 192.168.0.1 ?

This is a known "problem." I hesitate to call it such because everything
is working as it should. When you send a packet to 192.168.0.1, it arrives
on the internal interface and runs through the rules. It likely is accepted
at some rule. Now, the packet is accepted by the machine... We're done.
There is no reason for the packet to be routed out of the external
interface since it was destined for this machine. Since it never goes
through the firewall rules while being processed on the external interface,
it never is accepted by the divert rule.

There are ways to hack it to get this to work, but it is generally pretty
ug-oh-ly. Do you _really_ wanna do this?
--
Crist J. Clark cjclark@alum.mit.edu
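As an added illustration of the packet path Crist describes (this is not code from the thread), here is an rc.firewall-style fragment for the poster's scenario. Interface names `ext0` (192.168.0.1) and `int0` (10.10.10.1) are assumed, and the script prints the rules instead of loading them unless `FWCMD=/sbin/ipfw` is set.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumed layout:
#   ext0 = "external" interface, 192.168.0.1
#   int0 = LAN interface, 10.10.10.1, LAN is 10.10.10.0/24
#   10.10.10.20 = internal web server reached via redirect_port
FWCMD=${FWCMD:-echo}   # dry run by default; set FWCMD=/sbin/ipfw to apply

# natd bound to the external interface, as in the poster's setup.
# Inbound connections to 192.168.0.1:80 are rewritten to 10.10.10.20:80.
natd_cmdline() {
    echo "natd -n ext0 -redirect_port tcp 10.10.10.20:80 80"
}

# Rules are evaluated in number order; the comments trace a packet sent
# by 10.10.10.10 to 192.168.0.1 (the case the poster asks about).
load_rules() {
    $FWCMD -f flush
    # 1000: only traffic crossing ext0 is handed to natd. The LAN packet
    #       arrived on int0, so it does not match and natd never sees it.
    $FWCMD add 1000 divert natd ip from any to any via ext0
    # 2000: LAN hosts may reach the gateway's own addresses. The packet
    #       to 192.168.0.1 is accepted here and delivered locally; it is
    #       never routed out ext0, so the divert rule is never revisited.
    $FWCMD add 2000 allow ip from 10.10.10.0/24 to 192.168.0.1 via int0
    $FWCMD add 2000 allow ip from 10.10.10.0/24 to 10.10.10.1 via int0
    # 3000: LAN -> anywhere else leaves via ext0 and does hit rule 1000.
    $FWCMD add 3000 allow ip from 10.10.10.0/24 to any
    # 4000: established replies from the outside.
    $FWCMD add 4000 allow tcp from any to any established
    # 5000: the redirected web traffic, already rewritten by natd.
    $FWCMD add 5000 allow tcp from any to 10.10.10.20 80 via ext0
    $FWCMD add 65000 deny log ip from any to any
}

# Number of rules that would divert a packet arriving on int0: none,
# which is exactly why the internal client never reaches the redirect.
divert_rules_on_int0() {
    load_rules | grep -c 'divert .* via int0'
}

natd_cmdline
load_rules
```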