Scott Ullrich wrote:
Do you have a question?

Of course, can't you read?

So, that means that if I have my NATed services on a different
interface (other than the LAN), e.g. a DMZ, is it possible to access
these NATed services from the LAN subnet??
And if that is correct, HOW do I redirect connections from local
clients in order to access the NATed services on the DMZ?

And let me add another question: does pfSense include a bounce utility at this
time?


On 1/6/06, Claudio Castro <[EMAIL PROTECTED]> wrote:
Guys..listen to this:

*Problem.* It is not possible to access NATed services using the
public (WAN) IP address from within LAN (or an optional network).
Example: you've got a server in your LAN behind pfSense and added a
NAT/filter rule to allow external access to its HTTP port. While you
can access it just fine from the Internet, you cannot access
http://your-external-ip/ from within your LAN.

*Reason.* This is due to a limitation in pf (the firewalling software
used in pfSense). pfSense does not include a "bounce" utility at this
time.

OK, we all know that, but looking here:
http://www.openbsd.org/faq/pf/rdr.html#reflect it proposes 3 solutions.
The first one is the same that the m0n0 FAQ proposes,
forwarding/overriding of DNS. Now, the second caught my attention; it
says this:


     Moving the Server Into a Separate Local Network

Adding an additional network interface to the firewall and moving the
local server from the client's network into a dedicated network (DMZ)
allows redirecting of connections from local clients in the same way
as the redirection of external connections. Use of separate networks
has several advantages, including improving security by isolating the
server from the remaining local hosts. Should the server (which in our
case is reachable from the Internet) ever become compromised, it can't
access other local hosts directly as all connections have to pass
through the firewall.

So, that means that if I have my NATed services on a different
interface (other than the LAN), e.g. a DMZ, is it possible to access
these NATed services from the LAN subnet??
And if that is correct, HOW do I redirect connections from local
clients in order to access the NATed services on the DMZ?

Regards,

Claudio C.
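
The DMZ option from the OpenBSD FAQ passage quoted above, sketched as a raw pf.conf fragment. This is an added example, not part of the original e-mails and not pfSense's generated ruleset. Interface names, subnets and the server address are constructed placeholders, and the syntax is the separate `rdr` rule form that the FAQ used at the time.

```pf
# Constructed placeholders: adjust to the real interfaces and addressing.
ext_if  = "fxp0"              # WAN
int_if  = "fxp1"              # LAN
dmz_if  = "fxp2"              # DMZ (third interface)
int_net = "192.168.1.0/24"    # LAN subnet
server  = "192.168.2.10"      # web server, now in the DMZ subnet

# --- translation rules (must precede filter rules) ---
# External clients hitting the WAN address on port 80.
rdr on $ext_if proto tcp from any to ($ext_if) port 80 -> $server port 80

# LAN clients hitting the same WAN address. Because the server sits on a
# different subnet, its replies route back through the firewall, so pf can
# reverse the translation. With the server inside $int_net the reply would
# go straight to the client with the wrong source address and be dropped.
rdr on $int_if proto tcp from $int_net to ($ext_if) port 80 -> $server port 80

# --- filter rules (last matching rule wins) ---
block all

# rdr is applied before filtering, so these match the translated address.
pass in  on $ext_if proto tcp from any      to $server port 80 flags S/SA keep state
pass in  on $int_if proto tcp from $int_net to $server port 80 flags S/SA keep state
pass out on $dmz_if proto tcp from any      to $server port 80 flags S/SA keep state

# Isolation the FAQ describes: a compromised DMZ host gets no direct path
# into the LAN. Already covered by "block all"; stated explicitly so a later
# broad pass rule on $dmz_if does not silently undo it.
block in on $dmz_if from any to $int_net
```

After loading, `pfctl -s nat` lists the active `rdr` rules and `pfctl -s state` shows whether a LAN client's connection to the WAN address was translated to the DMZ server.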





