Date: Tue, 24 Aug 1999 17:35:52 -0500 (CDT)
From: John Heyer <john@arnie.jfive.com>
To: "freebsd-isp@FreeBSD.ORG" <freebsd-isp@FreeBSD.ORG>
Subject: Internal Servers / External IP Addresses (NAT)
Message-ID: <Pine.BSF.3.96.990824171826.988A-100000@snake.supranet.net>
In-Reply-To: <37C18CF8.5ED6BCF4@eclipse.net.uk>

I recently installed FreeBSD 3.2 on a machine running NAT and IPFW to act as a proxy server. In addition to internet access for the internal users via NAT, the company has also asked to put their mail and web servers on the internal network for security reasons, yet still have them accessible from the outside.

I moved the servers internally and had the Proxy server take the old IP address, then re-directed the necessary ports with NAT's -redirect_port parameter so that, for example, telnetting to port 25 of the proxy server's alias IP address gets a connection to the internal mail server. From the outside, this works great.

The problem is it doesn't work from internal addresses. When they go to the outside (routable) alias being used by the proxy server, they don't get re-directed for some reason.

I know the best solution might be to fool the clients into going directly to the internal address by DNS or hosts files, but unfortunately that would mean re-configuring 50 or so client machines. So I'm trying to do something at the server level - so far route statements and forwarding via ipfw, but with no luck. Any options to NAT I might be missing in order for the re-direction to work from the internal side?

--
"Your illogical approach ... does have its advantages."
 -- Spock, after being Checkmated by Kirk