Date:      Sun, 30 Jun 2002 17:56:33 -0500 (CDT)
From:      Nick Rogness <nick@rogness.net>
To:        Christopher Weimann <cweimann@k12hq.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: divert/natd/redirect_address/localnet don't get along.
Message-ID:  <Pine.BSF.4.21.0206301753470.20077-100000@cody.jharris.com>
In-Reply-To: <20020629231638.A51826@mail.k12us.com>

On Sat, 29 Jun 2002, Christopher Weimann wrote:

> I have a webserver set up on a private address and am forwarding port a
> public address to it.  I have two addresses on dc0 ( public nic )  
> one for the firewall itself and the other is forwarded with natd's
> redirect_address to the inside server.  This works fine for users
> outside my network.  Inside my network however access to the webserver
> ( at its public ip ) results in a connection refused.  This seems to
> be a problem with my divert rule.
> 
> I have managed to get this to work by adding a second rule like
> 
> /sbin/ipfw add 00050 divert 8668 ip from any to any via dc0
> /sbin/ipfw add 00051 divert 8668 ip from any to any via dc1
> 
> I don't like this but it works.  
> 
> Now I change my browser to go through squid ( running on the firewall
> ) and it doesn't work anymore...
> 
> I guess the packets are no longer coming in via either of the
> dc interfaces so I drop the via bit altogether and am back
> to a single rule.
> 
> /sbin/ipfw add 00050 divert 8668 ip from any to any 
> 
> I like this even less AND it doesn't fix the problem...
> 
> Do I have other choices?

	Yes, run an internal nameserver to tell your internal clients that
	www.domain.com is on a private IP.  This is the standard way to do
	this and a hell of a lot better than using divert the way you are.


Nick Rogness <nick@rogness.net>
 - Don't mind me...I'm just sniffing your packets
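
The internal-nameserver approach suggested in the reply, sketched as an added example that is not part of the original message: a shell function that stages a BIND configuration answering www.domain.com with the web server's private address for inside clients only. The subnet, both addresses and the function name write_split_dns are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: stage a BIND config for an internal-only nameserver that
# answers www.domain.com with the web server's private address.
# All addresses below are constructed placeholders, not values from the thread.
INSIDE_NET="192.168.1.0/24"   # assumed internal subnet
NS_ADDR="192.168.1.1"         # assumed inside address of the nameserver
WEB_ADDR="192.168.1.10"       # assumed private address of the web server

# usage: write_split_dns /path/to/staging-dir
write_split_dns() {
    dir="$1"
    mkdir -p "$dir/internal" || return 1

    # The zone is www.domain.com, not domain.com, so only that one name is
    # overridden; every other domain.com record still comes from public DNS.
    cat > "$dir/named.conf" <<EOF
options {
    directory "$dir";
    listen-on { $NS_ADDR; };            // inside interface only
    allow-query { $INSIDE_NET; };       // never answer outside clients
    allow-recursion { $INSIDE_NET; };
};

zone "www.domain.com" {
    type master;
    file "internal/www.domain.com.db";
};
EOF

    # Zone data: the apex A record is the private address of the web server.
    cat > "$dir/internal/www.domain.com.db" <<EOF
\$TTL 3600
@   IN SOA ns.www.domain.com. hostmaster.domain.com. (
            2002063001 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            3600 )     ; negative-cache TTL
    IN NS  ns.www.domain.com.
    IN A   $WEB_ADDR
ns  IN A   $NS_ADDR
EOF
}
```

Inside clients that use this server as their resolver reach the web server directly on its private address, so their traffic never has to pass through the natd divert rule.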


