I have a problem with our firewall/NAT, on a FreeBSD 4.7 box... Here a list with some details:
*) The FreeBSD box uses natd and ipfw, and have two external IP:s, lets say aaa.bbb.ccc.20 and ddd.eee.fff.21.
*) natd is used to redirect access to external IP addresses and ports to internal LAN IP:s, for example 192.168.0.20 and 192.168.0.21, where for example webservers are located.
*) natd rules:
natd_flags="-redirect_address 192.168.0.20 aaa.bbb.ccc.20 -redirect_port tcp 192.168.0.21:25-52 25-52 -redirect_port udp 192.168.0.21:25-52 25-52 -redirect_port tcp 192.168.0.30:80 80 -redirect_port udp 192.168.0.30:80 80 -redirect_port tcp 192.168.0.21:54-79 54-79 -redirect_port udp 192.168.0.21:54-79 54-79 -redirect_port tcp 192.168.0.21:81-722 81-722 -redirect_port udp 192.168.0.21:81-722 81-722 -redirect_port tcp 192.168.0.21:3306-4559 3306-4559 -redirect_port udp 192.168.0.21:3306-4559 3306-4559"
*) ipfw lets things through:
00050 divert 8668 ip from any to any via fxp0 00100 allow ip from any to any via lo0 00200 deny ip from any to 127.0.0.0/8 00300 deny ip from 127.0.0.0/8 to any 65000 allow ip from any to any 65535 allow ip from any to any
Most things works just fine, external access are redirected to correct ports, and the webservers work just fine. BUT the problem comes when a box on the LAN tries to reach a site residing on 192.168.0.20 using the _external_ IP aaa.bbb.ccc.20. Then I get error: "Unable to connect to remote host". Connecting from a LAN machine to the same site using the _internal_ IP works fine. Connecting to other external IPs also works fine.
I want to be able to connect from LAN boxes to the external IP:s, for example aaa.bbb.ccc.20. Can anyone lead me on the way...? Very thankful for all comments on this matter.
Regards, Smartnet Sverige AB
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"