Date:      Thu, 09 Jan 2003 20:50:52 -0800 (PST)
From:      jdroflet@canada.com
To:        freebsd-questions@FreeBSD.ORG
Subject:   natd ip redirect confuses Java server behind the firewall.
Message-ID:  <20030109205053.16182.h002.c009.wm@mail.canada.com.criticalpath.net>

A bit long...
FreeBSD 4.3 running with IPFW and NATD 
One of the IP addresses is redirected to the apache/tomcat/java server. 
"redirect_address 10.150.0.24 a.b.c.d" 
No other fancy proxy stuff or fw rules. 

Clients on the internal network have no problems with the internal server. 
Access to the internal server from the Internet works fine except for some java
calls. 

Java server is: 
HP-UX 11 
Apache 1.3 
Tomcat 
Java 

The Java support person sent this reply to our query: 
> You'll probably want to get together with your network architect (me) and have
> him sniff the packets you are sending/receiving to see the origination and
> destination addresses.  Either the firewall is restricting the IP address,
> or the address is being translated incorrectly.
He went on to describe how another client had a similar problem with a
load/balancer and that when they turned off NAT it worked fine - not an option
in this situation.

I tcpdumped the inside card of the firewall and can see the point where the
java server attempts to send a request for information from its own re-directed
public IP. It goes like this.

Internet client: w.x.y.z 
Firewall public IP: a.b.c.d redirected to the inside java box. 
inside Java IP: 10.150.0.24 

Keep in mind I'm sniffing the inside card of the firewall so 'in what little is
left of my mind' everything is translated already. 
Client initiates: 
TO: 10.150.0.24 
from: w.x.y.z 
Client gets onto the web pages fine then attempts to run one of the java
reports. 
TO: 10.150.0.24 
from: w.x.y.z 

The server was then doing its reflux thing which tried to get further 
java/url stuff from whatever server the client initiated 
To: a.b.c.d 
from: 10.150.0.24 <= Java box attempts to 'reach' its public IP. 

At this point the client gets an error 'Form not found' 

So, is this really a NATD problem or could it actually be a problem in one of
the Java server configs? And if so where do I look, I'm neither an Apache,
Tomcat or Java expert.

I tried aliasing the public IP on the Java box but that didn't help. 

Thanks in advance, J
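
Added example, not part of the original message: a small Python check that reads natd `redirect_address` lines and an inside-interface capture, and flags packets where a redirected host addresses its own public IP, the pattern described in the trace above. The addresses 203.0.113.10 and 198.51.100.7 are constructed stand-ins for the masked a.b.c.d and w.x.y.z, and the capture lines are constructed samples in tcpdump's text format.

```python
import re

# Constructed stand-ins: the post masks its public addresses as a.b.c.d and w.x.y.z.
NATD_CONF = "redirect_address 10.150.0.24 203.0.113.10\n"

# Constructed tcpdump-style lines as seen on the firewall's inside interface.
CAPTURE = """\
20:41:07.101 198.51.100.7.41822 > 10.150.0.24.80: S 1:1(0) win 16384
20:41:07.102 10.150.0.24.80 > 198.51.100.7.41822: S 9:9(0) ack 2 win 32768
20:41:09.550 10.150.0.24.49201 > 203.0.113.10.80: S 5:5(0) win 32768
20:41:12.551 10.150.0.24.49201 > 203.0.113.10.80: S 5:5(0) win 32768
"""

# timestamp, optional "IP" keyword (newer tcpdump), src.port > dst.port:
PKT = re.compile(
    r"^(\S+) (?:IP )?(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):"
)

def parse_redirects(conf):
    """Return {local_ip: public_ip} from 'redirect_address local public' lines."""
    redirects = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) == 3 and fields[0] == "redirect_address":
            redirects[fields[1]] = fields[2]
    return redirects

def find_self_references(capture, redirects):
    """List packets in which a redirected host targets its own public address."""
    hits = []
    for line in capture.splitlines():
        m = PKT.match(line)
        if not m:
            continue
        ts, src, _sport, dst, dport = m.groups()
        if redirects.get(src) == dst:
            hits.append((ts, src, dst, int(dport)))
    return hits

if __name__ == "__main__":
    mapping = parse_redirects(NATD_CONF)
    for ts, src, dst, dport in find_self_references(CAPTURE, mapping):
        print(f"{ts} {src} -> own public address {dst}:{dport}")
```

Repeated SYNs to the public address with no reply, as in the last two sample lines, indicate that the server's self-referencing request is not being translated back to it.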
