[quoted lines by Adoram Rogel on November 14, 1999, at 04:57]
>My problem now is this:
>I opened port 8080 in my firewall to machine X (X is on the inside of the
>firewall) and I have an ipportfw -A -t X/8080 -R Y/80 rule, where Y is my
>black box firewall.
>Looking at tcpdump I can see it work, and the HTTP requests go to Y, but
>the ACK from Y to the client (wherever he is) appears now as coming from
>Y - the black box firewall, and is therefore rejected by the client.
>The client keeps trying and resending the HTTP requests to X and ignores the
>ACK that he receives from Y.
>Now, I can't masquerade the traffic that goes from Y - the black box
>firewall - to the client, because it doesn't go through X anymore; X is inside.
I didn't realize that you were dealing with two machines on the same subnet.
The only way around that is to use a utility like "redir".
--
Dave Mielke | 856 Grenon Avenue | I believe that the Bible is the
Phone: 1-613-726-0014 | Ottawa, Ontario | Word of God. Please contact me
EMail: [EMAIL PROTECTED] | Canada K2B 6G3 | if you're concerned about Hell.
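
An added illustration, not part of the original messages and not redir's own code: a userspace redirector avoids the problem in the quoted text because it accepts the client's connection on X and opens a second, separate TCP connection to Y, so Y answers X and the client only ever sees packets from X. All names are hypothetical, and loopback sockets on ephemeral ports stand in for X:8080 and Y:80.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until src reaches EOF, then half-close dst."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer already gone

def relay_once(listener, target, info):
    """Accept one client on X and splice it to a new TCP connection to Y."""
    client, _ = listener.accept()
    upstream = socket.create_connection(target)  # second connection, sourced from X
    info["x_to_y"] = upstream.getsockname()
    t = threading.Thread(target=pump, args=(client, upstream), daemon=True)
    t.start()
    pump(upstream, client)  # Y's reply is re-sent on the client's connection to X
    t.join()
    client.close()
    upstream.close()

def fake_backend(sock, info):
    """Constructed stand-in for the web server on Y; records who connected."""
    conn, info["peer_seen_by_y"] = sock.accept()
    conn.recv(4096)
    conn.sendall(b"HTTP/1.0 200 OK\r\n\r\nhello from Y")
    conn.close()

def demo():
    """Run one request through the relay and return what each side observed."""
    info = {}
    y = socket.create_server(("127.0.0.1", 0))  # plays Y:80
    x = socket.create_server(("127.0.0.1", 0))  # plays X:8080
    threading.Thread(target=fake_backend, args=(y, info), daemon=True).start()
    r = threading.Thread(target=relay_once, args=(x, y.getsockname(), info), daemon=True)
    r.start()
    client = socket.create_connection(x.getsockname())
    info["client_peer"] = client.getpeername()  # the only address the client talks to
    info["x_listen"] = x.getsockname()
    client.sendall(b"GET / HTTP/1.0\r\n\r\n")
    client.shutdown(socket.SHUT_WR)
    info["reply"] = b"".join(iter(lambda: client.recv(4096), b""))
    r.join()
    for s in (client, x, y):
        s.close()
    return info
```

The cost of this approach is that Y's logs show X as the source of every request (`peer_seen_by_y` equals `x_to_y`), so any access control or auditing on Y keyed to the client address has to move to X.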