From owner-freebsd-questions  Thu Oct 10 14:15:27 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5654A37B401
	for <freebsd-questions@FreeBSD.ORG>; Thu, 10 Oct 2002 14:15:26 -0700 (PDT)
Received: from skywalker.rogness.net (skywalker.rogness.net [64.251.173.102])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8F5C743EBE
	for <freebsd-questions@FreeBSD.ORG>; Thu, 10 Oct 2002 14:15:25 -0700 (PDT)
	(envelope-from nick@rogness.net)
Received: from skywalker.rogness.net (localhost [127.0.0.1])
	by skywalker.rogness.net (8.12.5/8.12.5) with ESMTP id g9ALJP0H003036;
	Thu, 10 Oct 2002 15:19:26 -0600 (MDT)
	(envelope-from nick@rogness.net)
Received: from localhost (nick@localhost)
	by skywalker.rogness.net (8.12.5/8.12.5/Submit) with ESMTP id g9ALJPPs003033;
	Thu, 10 Oct 2002 15:19:25 -0600 (MDT)
X-Authentication-Warning: skywalker.rogness.net: nick owned process doing -bs
Date: Thu, 10 Oct 2002 15:19:22 -0600 (MDT)
From: Nick Rogness <nick@rogness.net>
To: Marc Hunter <hunter@hunter.net>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: ipfw and natd during internal to internal access ...
In-Reply-To: <4.2.0.58.20021010130144.00bc7a10@192.168.0.64>
Message-ID: <20021010151502.D2374-100000@skywalker.rogness.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Thu, 10 Oct 2002, Marc Hunter wrote:

> Hi,
>
> We have just implemented an ipfw and natd firewall and generally it
> works great.  We are using natd for traffic going out and to redirect
> outside traffic on port 80 to a particular webserver.  However, when a
> machine within the network attempts to access the web server through its
> external address (using the domain name for instance) it doesn't work.
>
> Is there some special trick to deal with this?

	Yeh, run an internal DNS server which resolves the site
	differently on the inside of your network to the internal address.

	Any other workaround is considered shitty by most people, like:

		ipfw divert natd all from any to any via $outside_int
		ipfw divert natd all from any to any via $inside_int

	However, this would probably work [not sure].

Nick Rogness <nick@rogness.net>
- WARNING TO ALL PERSONNEL:
   Firings will continue until morale improves.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message