On 1/6/06, Claudio Castro <[EMAIL PROTECTED]> wrote:
> > Guys..listen to this:
> >
> > *Problem.* It is not possible to access NATed services using the
> > public (WAN) IP address from within LAN (or an optional network).
> > Example: you've got a server in your LAN behind pfSense and added a
> > NAT/filter rule to allow external access to its HTTP port. While you
> > can access it just fine from the Internet, you cannot access
> > http://your-external-ip/ from within your LAN.
> >
> > *Reason.* This is due to a limitation in pf (the firewalling software
> > used in pfSense). pfSense does not include a "bounce" utility at this
> > time
> >
> > Ok, we all know that, but, looking here:
> > http://www.openbsd.org/faq/pf/rdr.html#reflect it proposes 3 solutions,
> > the first one is the same that the m0n0 FAQ proposes,
> > forwarding/overriding of DNS. Now, the second..caught my attention, it
> > says this:
> >
> >
> > Moving the Server Into a Separate Local Network
> >
> > Adding an additional network interface to the firewall and moving the
> > local server from the client's network into a dedicated network (DMZ)
> > allows redirecting of connections from local clients in the same way
> > as the redirection of external connections. Use of separate networks
> > has several advantages, including improving security by isolating the
> > server from the remaining local hosts. Should the server (which in our
> > case is reachable from the Internet) ever become compromised, it can't
> > access other local hosts directly as all connections have to pass
> > through the firewall.
> >
> > So, that means that if I have my NATed services on a different
> > interface (other than the LAN) e.g. a DMZ, is it possible to access
> > these NATed services from the LAN subnet??
> > And if that is correct, HOW do I redirect connections from local
> > clients in order to access the NATed services on the DMZ?
> >
> > Regards,
> >
> > Claudio C.
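
The DMZ layout described in the quoted OpenBSD FAQ passage, as an added example that is not part of the original message and is not pfSense's generated ruleset. It is written as a raw pf.conf fragment in the pre-OpenBSD-4.7 `rdr` syntax in use when the message was sent; the interface names and the server address are constructed placeholders.

```pf
# Added example (constructed): interface names and addresses are placeholders.
ext_if  = "em0"            # WAN
int_if  = "em1"            # LAN, client machines
dmz_if  = "em2"            # DMZ, holds only the published server
web_srv = "192.168.2.10"   # server address inside the DMZ

# Translation rules (in this syntax they must precede the filter rules).
# Internet clients connecting to the public address:
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $web_srv port 80
# LAN clients connecting to the same public address get the same redirect:
rdr on $int_if proto tcp from $int_if:network to ($ext_if) port 80 -> $web_srv port 80

# Filter rules. The rdr rewrite is applied first, so these match on $web_srv.
pass in  on $ext_if proto tcp from any to $web_srv port 80 flags S/SA keep state
pass in  on $int_if proto tcp from $int_if:network to $web_srv port 80 flags S/SA keep state
pass out on $dmz_if proto tcp from any to $web_srv port 80 flags S/SA keep state

# Isolation: the server may answer established connections (state entries),
# but it may not open new connections toward the LAN.
block in log on $dmz_if from $dmz_if:network to $int_if:network
```

Because the server and the LAN clients sit on different subnets, the server's replies are routed back through the firewall, where the state entry reverses the translation. The logged block rule gives a detection point if a compromised DMZ host starts probing the LAN.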
