Here's the problem:
Let's say you have a client (C) on the same network as the server (S).
But it talks to S via an IP (N) on another network (via NAT).
So...
C talks to N.
C's packet gets the destination translated from N to S and delivered to S.
S notices that C is on the same network and so replies directly to C.
BUT! the source IP from S isn't N, so C thinks the packet is bogus and
drops it on the floor.
So your problem is that S needs to reply back to C via the firewall. The
best way to do this is a double NAT. When C->N, NAT C's IP to an IP on
another network so that S will reply back via the firewall rather than
directly to the client.
--
Aaron Turner [EMAIL PROTECTED] 650.237.0300 x252
Security Engineer Vicinity Corp.
Cell: 408-314-9874 http://www.vicinity.com
On Fri, 21 Jul 2000, White, Damien wrote:
>
> I'm completely stumped... I have a web server running which is using an
> illegal IP. I have done the address translation on this IP so it can be
> recognized on the Internet. Users outside the organization are able to
> access the web server using the legal IP. Unfortunately users inside the
> organization are unable to access the web site using the legal IP. Why is
> this? How would I get the address to be translated internally?
>
> ~ Damien [EMAIL PROTECTED]
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
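The packet path described in the reply above, as an added example that is not part of the original thread: a small Python model showing why destination-only NAT makes C discard the reply and why the double NAT makes S answer via the firewall. All addresses are constructed, and `HIDE` is a hypothetical off-LAN address the firewall uses for the source translation.

```python
import ipaddress

# Constructed addresses (assumptions, not taken from the original messages).
LAN = ipaddress.ip_network("10.0.0.0/24")  # network shared by C and S
C = "10.0.0.50"       # internal client
S = "10.0.0.10"       # web server's private address
N = "203.0.113.10"    # address the firewall translates to S
HIDE = "192.0.2.1"    # off-LAN source address used for the double NAT

def on_lan(ip):
    return ipaddress.ip_address(ip) in LAN

def simulate(double_nat):
    """Follow one request C -> N and its reply; report what C receives."""
    # 1. C sends to N. N is off-LAN, so the packet goes to the firewall.
    src, dst = C, N
    # 2. The firewall records the original pair so it can undo the
    #    translation on replies, then rewrites the destination N -> S
    #    (and the source C -> HIDE when double NAT is enabled).
    state = {"orig_src": src, "orig_dst": dst}
    dst = S
    if double_nat:
        src = HIDE
    # 3. S answers whatever source address it saw on the request.
    reply_src, reply_dst = S, src
    # 4. S delivers directly when the destination is on its own network,
    #    otherwise it hands the packet to its gateway, the firewall.
    via_firewall = not on_lan(reply_dst)
    if via_firewall:
        # The firewall reverses both translations from its state entry.
        reply_src, reply_dst = state["orig_dst"], state["orig_src"]
    # 5. C only accepts a reply that comes from the address it connected to.
    accepted = reply_dst == C and reply_src == N
    return {"reply_src": reply_src, "via_firewall": via_firewall,
            "accepted": accepted}

if __name__ == "__main__":
    for mode in (False, True):
        label = "double NAT" if mode else "destination NAT only"
        print(label, simulate(mode))
```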