Date: Wed, 21 Nov 2001 07:48:25 +0200
From: "Patrick O'Reilly" <patrick@mip.co.za>
To: <kendall@jedis.com>, <freebsd-questions@FreeBSD.ORG>
Subject: RE: An ipfw/nat port forwarding issue
Message-ID: <NDBBIMKICMDGDMNOOCAIIEDPDPAA.patrick@mip.co.za>
In-Reply-To: <000a01c1722f$060cb510$f801a8c0@fmepro.com>

> From: Kendall Gifford
> Sent: 21 November 2001 03:51

> LAN requests for the external interface come in via the
> internal interface, pass through ipfw without any natd
> intervention, and then foobar tries to service the
> www port 80 request (because it didn't get forwarded as
> natd runs on the external interface). Since foobar isn't
> serving up a www dinner, the client must starve.
> Am I close? Any suggestions?
>

Kendall - I think your summary above is spot-on! natd does run on a specific interface (specified by the -n or -a argument to natd), and since the offending packets are entering 'foobar' via a different interface, natd does not have an opportunity to do its work.

> The problem is when LAN clients try to access our web
> server via foobar. Now, normally they are not supposed
> to as the LAN's primary DNS server (not foobar) returns
> the local address for the www server. But, sometimes
> the clients, I assume due to very short time-outs,
> insist on reverting to secondary DNS (foobar) which
> gives them foobar's public IP.

I think you need to address this problem on your primary DNS. Make sure it responds and services your internal clients reliably. Is the internal DNS server also FreeBSD?

Patrick.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message