Date:      Tue, 15 Apr 2003 23:23:49 -0700
From:      Darren Pilgrim <dmp@pantherdragon.org>
To:        chris.ahlers@mail-space.net
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: IPFW/NATD: Client behind firewall connecting to server behind firewall AS IF it were really EXTERNAL
Message-ID:  <20030415232349.45b4e8a1.dmp@pantherdragon.org>
In-Reply-To: <000001c303ba$75cc27a0$3401a8c0@neptune>
References:  <000001c303ba$75cc27a0$3401a8c0@neptune>

<chris.ahlers@mail-space.net> wrote:

[trimmed for relevance]

>firewall external IP = a.a.a.15  (internet ip address)
>firewall internal IP = b.b.b.254 (private ip address)
>
>NATD: alias_address = a.a.a.15
>NATD: redirect_port tcp b.b.b.100:80 80
>NATD: deny_incoming
>
>webserver internal IP = b.b.b.100
>example client pc IP = b.b.b.57
>client pc gateway IP = b.b.b.254 (firewall)
>
<...>
>However, INTERNAL hosts are unable to connect to my webserver via
>a.a.a.15 (since this is not actually the webserver's address).
<...>
>Any suggestions?

Use an ipfw forward rule for the requests coming from the LAN.  Read ipfw(8) for
the appropriate syntax.

Explanation:

a.a.a.15 is a local address according to the firewall box, so it isn't going to
route anything destined for a.a.a.15 out an interface.  Since natd is configured
to only act upon packets crossing the external interface, it never sees the
LAN-sourced requests for a.a.a.15, thus the redirection never takes place.
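As an added example (not part of Darren's reply), the script below turns each redirect_port line of a natd.conf into the matching ipfw fwd rule for LAN-sourced requests to the public address. The natd.conf text is constructed from the thread's values plus one extra entry; the LAN prefix b.b.b.0/24, the internal interface name xl1 and the rule numbering are assumptions. The "in via" clause limits each rule to packets arriving on the LAN side, so the rules add nothing reachable from the Internet.

```shell
#!/bin/sh
# Added example: derive ipfw fwd rules from natd redirect_port entries so that
# internal hosts reaching the public address are steered to the internal server.

EXT_IP="a.a.a.15"        # natd alias_address (from the thread)
LAN_NET="b.b.b.0/24"     # assumed LAN prefix
INT_IF="xl1"             # assumed internal interface name
RULE_BASE=1000           # assumed starting rule number

# Constructed natd.conf: the thread's redirect plus an extra one for 443.
NATD_CONF='alias_address a.a.a.15
redirect_port tcp b.b.b.100:80 80
redirect_port tcp b.b.b.100:443 443
deny_incoming'

# hairpin_rules: read natd.conf text on stdin, print one fwd rule per
# redirect_port line. Non-redirect lines are ignored.
hairpin_rules() {
    n=$RULE_BASE
    while read -r key proto target pubport rest; do
        [ "$key" = "redirect_port" ] || continue
        srv=${target%:*}      # internal server address, e.g. b.b.b.100
        srvport=${target#*:}  # internal server port, e.g. 80
        # Only packets entering on the internal interface match this rule.
        printf 'add %d fwd %s,%s %s from %s to %s %s in via %s\n' \
            "$n" "$srv" "$srvport" "$proto" "$LAN_NET" "$EXT_IP" "$pubport" "$INT_IF"
        n=$((n + 10))
    done
}

# Dry run prints the rules; --apply loads them with ipfw(8).
main() {
    if [ "${1:-}" = "--apply" ]; then
        printf '%s\n' "$NATD_CONF" | hairpin_rules | while read -r rule; do
            ipfw -q $rule
        done
    else
        printf '%s\n' "$NATD_CONF" | hairpin_rules
    fi
}

main "$@"
```

Run it without arguments to review the generated rules before loading them. Per ipfw(8), fwd does not rewrite the packet, so the destination address stays a.a.a.15 when the packet reaches b.b.b.100; the web server therefore has to be configured to accept traffic for that address.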
