Date:      Sun, 16 Mar 2003 12:25:17 -0500
From:      Bill Moran <wmoran@potentialtech.com>
To:        Matthew Ryan <matt@overdose.com>
Cc:        dan@slightlystrange.org, freebsd-questions@FreeBSD.ORG
Subject:   Re: Port Forwarding FreeBSD 4.7_Release
Message-ID:  <3E74B37D.1080304@potentialtech.com>
In-Reply-To: <7FD4BD82-57A3-11D7-AD24-0030654886A6@overdose.com>
References:  <7FD4BD82-57A3-11D7-AD24-0030654886A6@overdose.com>

Matthew Ryan wrote:
> 
> On Saturday, March 15, 2003, at 03:06  am, Bill Moran wrote:
> 
>> Matthew Ryan wrote:
>>
>>> On Saturday, March 15, 2003, at 12:13  am, Lowell Gilbert wrote:
>>>
>>>>> Fact is, natd _only_ redirects from the interface it was told to bind to.
>>>>> I'm not exactly sure why the packets don't route out and back in when you
>>>>> try it from inside, but they don't ;( so you always need to test it from
>>>>> the external interface.
>>>>
>>>> The reason they don't "route out" is that they are addressed to the
>>>> router, so it doesn't bother to forward them outside.
>>>>
>>> Ok, I understand, this does present me with a bit of a problem 
>>> however, accessing my mail server from home for example. Can you 
>>> think of a workaround?
>>
>> I don't fully understand the question.  What exactly do you mean by
>> "from home"?  Is the mail server behind the firewall?  You can port
>> forward/reroute just about anything to anywhere, with enough time and
>> patience.  But there's not enough information in the statement you just
>> made for anyone to help you much.
>>
> Sorry, I'll try to be more explicit. I have a number of services on 
> ports forwarded from my external IP address to an internal IP address 
> via NAT as we have discussed.
> 
> The problem is that I can not access these services from inside nat.
> 
> Example - My mail server address resolves to my external IP number. It's 
> primarily a mobility issue.  From inside NAT I can't collect my mail 
> unless I specifically point my browser at the internal IP number of my 
> mail server. Yes I can get around this with some sort of client location 
> manager or by connecting to the internet via a route other than my LAN, 
> but none of these options are ideal.

I understand.  I don't know if there is any "ideal" solution, but I'll
offer a few suggestions.
You may be able to run a second instance of natd that works on the internal
interface and redirects traffic as you would like.  This would be experimental:
I have no idea if it would work and only a guess as to how to configure it.
You could also put an alias IP address on the internal machine and manipulate
the routing so it always goes the right place.  This will probably be tricky,
and each time I try to work it out in my head, I end up with a problem.  But
I suppose it's worth a try. (warning: you could effectively shut your network
down by doing this wrong!)

> I am hoping for a routing solution, and I am pleased to read your 
> comforting words:
> 
>> You can port forward/reroute just about anything to anywhere, with 
>> enough time and
>> patience.

Well ... sometimes it takes a LOT of time and patience ...

> Lowell Gilbert suggests running local DNS (thanks) but I have no 
> experience of DNS and I had other areas of learning in mind for the moment.

Unfortunately for you, I think running internal DNS is the closest to "ideal"
that you're going to get.
The basic concept is that outside on the internet, "mail.domain.com" resolves
to the external interface that is forwarded to your internal machine.
Inside your LAN, a custom DNS server answers your queries, and it points
"mail.domain.com" directly to the machine on the local LAN.  Thus, you only
need put "mail.domain.com" into your POP3 config and it always points to
the right place.
I've also heard that newer versions of BIND have a more elegant way of doing
the same thing, but I don't have any experience with that yet.

> Can anyone think of another solution?

So far, only the other idea I describe above.

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com
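An added example, not part of the thread above, of the internal-DNS arrangement Bill describes, using the "views" feature that BIND 9 provides (the "more elegant way" in newer BIND that he mentions). The names and addresses are illustrative assumptions: domain example.com, LAN 192.168.1.0/24 with the name server on 192.168.1.1, mail host 192.168.1.10, firewall external address 203.0.113.5, and BIND installed from the FreeBSD port with its files under /usr/local/etc/namedb. The same name, mail.example.com, resolves to the LAN address for LAN clients and to the firewall's external address for everybody else.

```conf
// /usr/local/etc/namedb/named.conf  (BIND 9 split-horizon example; assumed
// paths and addresses, not configuration from the original thread)
options {
    directory "/usr/local/etc/namedb";
};

// Views are tried in order and the first match-clients that matches wins,
// so the LAN view has to come before the catch-all view.
view "internal" {
    match-clients { 192.168.1.0/24; 127.0.0.1; };
    // LAN hosts may use this server as their general resolver.
    recursion yes;
    zone "example.com" {
        type master;
        file "master/example.com.internal";
    };
};

// Anything not matched above is the Internet: it only gets authoritative
// answers for our own zone, never recursion (an open resolver invites abuse).
view "external" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        file "master/example.com.external";
    };
};

// ---- master/example.com.internal  (answers given to LAN clients) ----
// $TTL 3600
// @     IN SOA ns1.example.com. hostmaster.example.com. (
//             2003031601 ; serial
//             3600 900 604800 3600 )
//       IN NS   ns1.example.com.
//       IN MX 10 mail.example.com.
// ns1   IN A    192.168.1.1
// mail  IN A    192.168.1.10     ; the mail host's LAN address

// ---- master/example.com.external  (answers given to everyone else) ----
// $TTL 3600
// @     IN SOA ns1.example.com. hostmaster.example.com. (
//             2003031601 ; serial
//             3600 900 604800 3600 )
//       IN NS   ns1.example.com.
//       IN MX 10 mail.example.com.
// ns1   IN A    203.0.113.5
// mail  IN A    203.0.113.5      ; the firewall, which natd forwards inward
```

To check it, point a LAN host's /etc/resolv.conf at 192.168.1.1 and run `dig @192.168.1.1 mail.example.com A`, which should return 192.168.1.10; the same query from outside the firewall should return 203.0.113.5. Two caveats: once any view is defined, every zone (including the root hints and localhost zones) must live inside a view, and the two zone files must be kept in step, so bump both serials whenever a record changes.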






Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E74B37D.1080304>