Date:      Thu, 29 Dec 2005 17:04:51 -0600
From:      Greg Barniskis <nalists@scls.lib.wi.us>
To:        "Chris S. Wilson" <cswilson@ordizmelby.com>
Cc:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: NATD Internal Network problems
Message-ID:  <43B46B93.4020403@scls.lib.wi.us>
In-Reply-To: <C8DFE22B48199443918D30E52F1AD2CC3FED63@omaserver.oma.local>
References:  <C8DFE22B48199443918D30E52F1AD2CC3FED63@omaserver.oma.local>

Chris S. Wilson wrote:
> Hello! :)
> 
> I am having a problem with FreeBSD 5.3-RELEASE and natd.
> 
> When I try to connect to a service on my internal network to an IP on my
> external network that has a port redirected, it won't connect.
> 
> IE: 67.128.100.2 is my external IP, on my internal network I try to
> connect to 67.128.101.2:80 which is forwarded in my natd.conf and the
> connection is refused.
> 
> Does anyone know why?

I don't know the exact technical reasons "why" but I will confirm 
for you that this simply does not work, and the reasons why center 
around it being a rather tortured mess.

Your inside machines should reach your inside server by its inside 
address. Think about how you're sending your request outside the 
firewall (getting the request NATed on the way out) and then back in 
(getting the request re-NATed), and then having the reply packets 
from the web server have to take the reverse of that path. Yuck.

Use split DNS so that "www.example.com" appears to external 
clients as being your external NAT server address, and appears to 
inside clients as the web server's real inside address.


-- 
Greg Barniskis, Computer Systems Integrator
South Central Library System (SCLS)
Library Interchange Network (LINK)
<gregb at scls.lib.wi.us>, (608) 266-6348
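
The split DNS arrangement suggested in the reply above, sketched as BIND 9 views. This is an added example and not part of the original message; the thread names no DNS server, so BIND is an assumption, as are the inside network 192.168.1.0/24, the web server's inside address 192.168.1.10 and the zone file names.

```conf
// named.conf fragment (constructed example, all addresses and paths are assumptions)

// Clients that should see the inside answer.
acl "inside" {
    127.0.0.1;
    192.168.1.0/24;          // assumed internal LAN behind the NAT gateway
};

// Views are matched in order, so the more specific one comes first.
view "internal" {
    match-clients { "inside"; };
    recursion yes;           // inside hosts may resolve other names through this server

    zone "example.com" {
        type master;
        // Zone file for inside clients, containing for example:
        //   www  IN A 192.168.1.10   (the web server's real inside address)
        file "master/example.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;            // authoritative answers only for outside clients
    allow-query-cache { none; };

    zone "example.com" {
        type master;
        // Zone file for outside clients, where www carries the
        // external NAT address that natd redirects to the web server.
        file "master/example.com.external";
    };
};

// Once any view is defined, every zone statement must live inside a view.
```

With this layout the inside addresses appear only in the internal zone file, so outside clients never learn them, and inside clients reach the web server directly without crossing the NAT gateway.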


