Date: Tue, 15 Apr 2003 18:49:46 -0700
From: <chris.ahlers@mail-space.net>
To: <freebsd-ipfw@freebsd.org>
Subject: IPFW/NATD: Client behind firewall connecting to server behind firewall AS IF it were really EXTERNAL
Message-ID: <000001c303ba$75cc27a0$3401a8c0@neptune>
I have successfully implemented NAT w/ dynamic rules on my firewall, and have a question about a SPECIAL case that I would like to implement.

Everything works for external (internet) hosts coming in to my internal (NAT-ed, behind firewall) webserver. Everything works for my client PCs to access the internet, etc.

I will spare everybody the typical and predictable rulesets that everybody uses in common; instead I will only give the relevant information for the discussion.

firewall external IP = a.a.a.15 (internet ip address)
firewall internal IP = b.b.b.254 (private ip address)
NATD: alias_address = a.a.a.15
NATD: redirect_port tcp b.b.b.100:80 80
NATD: deny_incoming
webserver internal IP = b.b.b.100
example client pc IP = b.b.b.57
client pc gateway IP = b.b.b.254 (firewall)

QUESTION:

So, EXTERNAL hosts will connect to a.a.a.15 to connect to my webserver, and the nat/redirect happens just fine. However, INTERNAL hosts are unable to connect to my webserver via a.a.a.15 (since this is not actually the webserver's address).

How can I get an internal host to connect to my internal webserver as if the webserver were actually at the external IP?

BEFORE anybody starts recommending that I simply just point the internal host directly at the internal webserver OR that I change my DNS config to have an inside view, etc., I would like to point out that my $75 Linksys router will do EXACTLY what I am asking for automatically.

It seems that when the internal client pc attempts to connect I have to NAT the external webserver IP to the INTERNAL IP, then NAT & connect on behalf of the client pc.

Any suggestions?

C_Ahlers
code-space.com
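
Added example, not part of the original message: a small Python model of the two translation steps the post describes, showing why the destination redirect alone leaves the client with a reply from b.b.b.100 that it cannot match to its connection. The concrete addresses, the source port 40000, and the names Firewall, hairpin and client_accepts are assumptions made for the illustration; this is not natd or ipfw code.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed stand-ins for the post's placeholder addresses (assumptions).
EXT_IP = "203.0.113.15"    # a.a.a.15, firewall external IP / natd alias_address
FW_INT = "192.168.1.254"   # b.b.b.254, firewall internal IP
SERVER = "192.168.1.100"   # b.b.b.100, web server
CLIENT = "192.168.1.57"    # b.b.b.57, client PC

class Firewall:
    """Toy model of the translation steps only; not natd or ipfw code."""

    def __init__(self, rewrite_source):
        self.rewrite_source = rewrite_source
        self.state = {}  # (firewall ip, port) -> original (client ip, port)

    def inbound_from_lan(self, pkt):
        # Step 1: the port redirect, a.a.a.15:80 -> b.b.b.100:80.
        if (pkt.dst, pkt.dport) == (EXT_IP, 80):
            pkt = pkt._replace(dst=SERVER)
            # Step 2 (optional): connect on behalf of the client.
            if self.rewrite_source:
                self.state[(FW_INT, pkt.sport)] = (pkt.src, pkt.sport)
                pkt = pkt._replace(src=FW_INT)
        return pkt

    def reply_from_server(self, pkt):
        # Undo both rewrites for a reply that matches recorded state.
        client = self.state.get((pkt.dst, pkt.dport))
        if client is None:
            return pkt
        return Packet(EXT_IP, pkt.sport, client[0], client[1])

def hairpin(rewrite_source):
    """Return (sent, received): the client's packet and the reply it gets."""
    fw = Firewall(rewrite_source)
    sent = Packet(CLIENT, 40000, EXT_IP, 80)
    seen = fw.inbound_from_lan(sent)
    reply = Packet(seen.dst, seen.dport, seen.src, seen.sport)
    # A reply addressed to the client stays on the LAN and skips the firewall.
    if reply.dst == FW_INT:
        reply = fw.reply_from_server(reply)
    return sent, reply

def client_accepts(sent, reply):
    # TCP only accepts a reply whose 4-tuple mirrors the packet it sent.
    return reply == Packet(sent.dst, sent.dport, sent.src, sent.sport)
```

With only the redirect, the server answers the client directly from its internal address; with the source rewritten as well, the reply returns through the firewall and arrives from the external address the client originally contacted.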