> PS: There is one thing though which I'm not sure whether it's normal or not... When I access the DMZ from a
> pc in the internal network using its internal dmz ip number the request (on the dmz "server") seems to come
> from the dmz interface but if I access it from the public IP address assigned to my external interface the
> request is logged as coming from the ACTUAL IP address of my pc in the internal network. Is it supposed to
> behave that way or do I still have something misconfigured DMZ-wise?

It's supposed to behave that way.

Accessing internal DMZ IP:
internal system -> LRP -> MASQ via DMZ IF -> DMZ system
DMZ system sees IP of LRP box

Accessing via public IP:
internal system -> LRP -> Port Forward -> DMZ system
DMZ sees IP of internal system

The way networking is set up in 2.2 kernels, port-forwarding happens BEFORE the forwarding rule chain, so the masquerade of the internal IP doesn't occur when accessing the DMZ system via the port-forwarded IP. I believe you can control more about the order of things using 2.4 kernels and iptables, but I have yet to play with the new kernel in a serious way.

Charles Steinkuehler
http://lrp.steinkuehler.net
http://c0wz.steinkuehler.net (lrp.c0wz.com mirror)

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
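
An added example, not part of the original post: a small Python model of the 2.2 ordering described in the reply, returning the source address the DMZ host would log on each path. All addresses and names are constructed, and treating a port-forwarded packet as never reaching the MASQ rule is the modelling assumption taken from the explanation.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not taken from the post).
INTERNAL_NET = ip_network("192.168.1.0/24")
DMZ_NET = ip_network("192.168.2.0/24")
ROUTER_DMZ_IP = ip_address("192.168.2.254")   # LRP box, DMZ interface
PUBLIC_IP = ip_address("203.0.113.10")        # LRP box, external interface
DMZ_SERVER = ip_address("192.168.2.1")
PORT_FORWARDS = {(PUBLIC_IP, 80): (DMZ_SERVER, 80)}


@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    dport: int
    port_forwarded: bool = False  # set once stage 1 rewrote the destination


def port_forward(pkt):
    """Stage 1: runs on arrival, BEFORE the forwarding rule chain."""
    target = PORT_FORWARDS.get((pkt.dst, pkt.dport))
    if target is None:
        return pkt
    return replace(pkt, dst=target[0], dport=target[1], port_forwarded=True)


def forward_chain(pkt):
    """Stage 2: forwarding rules, holding the internal -> DMZ MASQ rule."""
    if pkt.port_forwarded:
        return pkt  # already handled in stage 1, so the source is untouched
    if pkt.src in INTERNAL_NET and pkt.dst in DMZ_NET:
        return replace(pkt, src=ROUTER_DMZ_IP)  # masquerade behind the LRP box
    return pkt


def source_seen_by_dmz(src, dst, dport=80):
    """Source address the DMZ server logs for a request from src to dst."""
    pkt = Packet(ip_address(src), ip_address(dst), dport)
    return str(forward_chain(port_forward(pkt)).src)


if __name__ == "__main__":
    for dst in ("192.168.2.1", "203.0.113.10"):
        print(dst, "->", source_seen_by_dmz("192.168.1.50", dst))
```

When reading DMZ server logs, this means the same internal client appears under two different source addresses depending on which address it used to reach the server.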
