On 1/6/06, Claudio Castro <[EMAIL PROTECTED]> wrote:
> Scott Ullrich wrote:
> > Do you have a question?
> >
>
> Of course, can't you read?

When someone blasts a message with > in front of them it looks like a
reply. Since you're so nice I'll let you figure the rest out.

> So, that means that if I have my NATed services in a different
> interface (other than the LAN) e.g. a DMZ, is it possible to access
> these NATed services from the LAN Subnet??
> and if that is correct, HOW do I redirect connections from local
> clients in order to access the NATed services on DMZ?
>
> And let me add another question, does pfsense include a bounce utility at
> this time?
>
> > On 1/6/06, Claudio Castro <[EMAIL PROTECTED]> wrote:
> >
> >>> Guys..listen to this:
> >>>
> >>> *Problem.* It is not possible to access NATed services using the
> >>> public (WAN) IP address from within LAN (or an optional network).
> >>> Example: you've got a server in your LAN behind pfSense and added a
> >>> NAT/filter rule to allow external access to its HTTP port. While you
> >>> can access it just fine from the Internet, you cannot access
> >>> http://your-external-ip/ from within your LAN.
> >>>
> >>> *Reason.* This is due to a limitation in pf (the firewalling software
> >>> used in pfSense). pfSense does not include a "bounce" utility at this
> >>> time
> >>>
> >>> Ok, we all know that, but, looking at here:
> >>> http://www.openbsd.org/faq/pf/rdr.html#reflect it proposes 3 solutions,
> >>> the first one is the same that m0n0 FAQ's propose,
> >>> forwarding/overriding of DNS. Now, the second..caught my attention, it
> >>> says this:
> >>>
> >>>
> >>> Moving the Server Into a Separate Local Network
> >>>
> >>> Adding an additional network interface to the firewall and moving the
> >>> local server from the client's network into a dedicated network (DMZ)
> >>> allows redirecting of connections from local clients in the same way
> >>> as the redirection of external connections. Use of separate networks
> >>> has several advantages, including improving security by isolating the
> >>> server from the remaining local hosts. Should the server (which in our
> >>> case is reachable from the Internet) ever become compromised, it can't
> >>> access other local hosts directly as all connections have to pass
> >>> through the firewall.
> >>>
> >>> So, that means that if I have my NATed services in a different
> >>> interface (other than the LAN) e.g. a DMZ, is it possible to access
> >>> these NATed services from the LAN Subnet??
> >>> and if that is correct, HOW do I redirect connections from local
> >>> clients in order to access the NATed services on DMZ?
> >>>
> >>> Regards,
> >>>
> >>> Claudio C.
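
The DMZ layout from the quoted OpenBSD FAQ passage, traced as a small Python model of the packet path. This is an added example, not part of the original thread and not pf or pfSense code; the addresses and the `reflect` function are constructed for illustration, and the model assumes a redirect rule is applied on the LAN-facing interface.

```python
"""Constructed model: redirect of a LAN client to a same-subnet vs. DMZ server."""
from ipaddress import ip_address, ip_network

WAN_IP = "203.0.113.1"                  # constructed public address
LAN = ip_network("192.168.1.0/24")      # constructed client network
CLIENT = "192.168.1.50"                 # constructed LAN client


def reflect(server_ip, port=80):
    """Trace one LAN client connection to WAN_IP:port redirected to server_ip.

    Returns (accepted, path, reply_source_seen_by_client).
    """
    # 1. The client connects to the public address via its gateway (the firewall).
    syn = {"src": CLIENT, "dst": WAN_IP, "dport": port}
    path = ["client->firewall"]
    # 2. The redirect rewrites the destination and records state for the flow.
    state = {"orig_dst": syn["dst"], "new_dst": server_ip, "client": syn["src"]}
    syn["dst"] = server_ip
    path.append("firewall->server")
    # 3. The server answers the source it saw: the client's LAN address.
    reply = {"src": server_ip, "dst": syn["src"], "sport": port}
    if ip_address(server_ip) in LAN:
        # Same subnet: the reply is delivered on-link and never crosses the
        # firewall, so the address translation is not reversed.
        path.append("server->client (direct)")
    else:
        # Separate network (DMZ): the reply is routed through the firewall,
        # which matches the state and restores the original address.
        path.append("server->firewall->client")
        if reply["src"] == state["new_dst"] and reply["dst"] == state["client"]:
            reply["src"] = state["orig_dst"]
    # 4. The client only accepts replies from the address it connected to.
    accepted = reply["src"] == WAN_IP
    return accepted, path, reply["src"]


if __name__ == "__main__":
    for label, server in (("LAN server", "192.168.1.10"),
                          ("DMZ server", "192.168.2.10")):
        ok, path, seen = reflect(server)
        print(f"{label}: accepted={ok} reply_src={seen} path={' | '.join(path)}")
```

With the server in the DMZ every reply has to pass back through the firewall, which is also the isolation property the quoted FAQ text points out.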
