Date:      Tue, 20 Nov 2001 18:51:22 -0700
From:      "Kendall Gifford" <kendall@jedis.com>
To:        <freebsd-questions@freebsd.org>
Subject:   An ipfw/nat port forwarding issue
Message-ID:  <000a01c1722f$060cb510$f801a8c0@fmepro.com>

Hello, I have a little problem in getting NAT port forwarding to work in
the following situation. Situation:

We have a DSL connection to which a FreeBSD 4.4-Stable box is connected
called foobar. Foobar is the LAN's NAT-firewall. Our web server is
inside our LAN and all requests are naturally forwarded by natd. The
problem is when LAN clients try to access our web server via foobar.
Now, normally they are not supposed to as the LAN's primary DNS server
(not foobar) returns the local address for the www server. But,
sometimes the clients, I assume due to very short time-outs, insist on
reverting to secondary DNS (foobar) which gives them foobar's public IP.
So, when they try to visit the web site, it doesn't work. This is what
my request for more information is:

Why doesn't this work? What goes on "inside" foobar when it receives
such a request?

Just to give you more information about the situation, this situation
occurs with my ipfw rules wide open (I merely divert to natd then allow
all). Also, here are my uneducated guesses for the sake of letting you
know I have been working on understanding this:

LAN requests for the external interface come in via the internal
interface, pass through ipfw without any natd intervention, and then
foobar tries to service the www port 80 request (because it didn't get
forwarded as natd runs on the external interface). Since foobar isn't
serving up a www dinner, the client must starve. Am I close? Any
suggestions?

Any help or general information is much appreciated.

____________
Kendall Gifford
kendall@jedis.com
http://kendall.jedis.com/

