howdy,

I'm sorta new to this firewall thing.... My apologies if this seems like a stupid question!

I'm running linux 2.2.16 with masq & portfw - everything works just fine outbound from inside the network. I am forwarding port 80 from my firewall box to an internal box for web serving. My problem is that portfw'ing doesn't seem to work on the inside network; it runs just fine from the outside though. I get timeouts when accessing the web server from the inside. Is there a solution to where I can forward from outside and inside the network?

I'm aware of the redir programs out there, but I would prefer to utilize the ipmasqadm mfw commands to forward the packets. I do understand that I can run internal DNS to resolve to the internal address for the requested web sites, but I would prefer to keep this transparent and not have to admin 2 separate name servers.

The following is my current setup....

Firewall/Gateway/Masq Box
  eth0   - 192.168.0.xx - internal device
  eth1   - xx.xx.xx.100 - external device
  eth1:0 - xx.xx.xx.101 - external alias - outside IP for web site

Internal Web Server
  eth0   - 192.168.0.xx

I'm redirecting traffic inbound on port 80 @ eth1:0 on the firewall/gateway box, and redirecting it to 'internal web server'. Everything works fine from the outside, but when I try to access the 'web address' from inside on the internal network, I get timeouts. I believe this is because my outgoing requests talk directly to the gateway machine without falling through masq'ing? Seems to me that I need to masq in both directions, but I've tried that and it doesn't seem to make a difference. Is it possible to masq bi-directionally on the internal device of the gateway machine, that way the masq table will know exactly how to map returned requests from either inside or outside the network?
I could be way off base here, I apologize if this makes no sense, but if anyone has any suggestions or has run into this problem before, could you please let me know how you solved it....

Thanks,
david
[EMAIL PROTECTED]

_______________________________________________
Masq maillist - [EMAIL PROTECTED]
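
Added example, not part of the original post: a simplified Python model of the address rewriting in the setup described above, showing how a reply to an inside client can arrive from the web server's internal address instead of the forwarded external address. All addresses and ports are constructed (the post elides the real ones); the assumption that the gateway rewrites the destination for inside clients too, and the `masq_lan_side` option, belong to this model and are not observed kernel behaviour.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed addresses standing in for the elided ones in the post.
GW_INT, GW_EXT = "192.168.0.1", "203.0.113.101"   # gateway eth0 / eth1:0 alias
WEB, LAN_CLIENT, WAN_CLIENT = "192.168.0.10", "192.168.0.20", "198.51.100.7"
LAN_PREFIX = "192.168.0."

def on_lan(ip):
    return ip.startswith(LAN_PREFIX)

def round_trip(client, masq_lan_side=False):
    """Return the reply packet exactly as the client finally receives it."""
    syn = Packet(client, 40000, GW_EXT, 80)
    # Port forward on the gateway: destination becomes the internal server.
    fwd = syn._replace(dst=WEB)
    if masq_lan_side and on_lan(client):
        # Hypothetical option: also rewrite the source to the gateway's
        # internal address, so the server must answer via the gateway.
        fwd = fwd._replace(src=GW_INT, sport=61000)
    reply = Packet(WEB, 80, fwd.src, fwd.sport)
    if reply.dst == client and on_lan(client):
        # Server and client share a subnet: the reply is delivered directly
        # and the gateway never gets the chance to restore the addresses.
        return reply
    # Reply crosses the gateway, which maps it back to the original flow.
    return Packet(GW_EXT, 80, client, 40000)

def client_accepts(client, reply):
    # A TCP stack only matches a reply coming from the peer it connected to.
    return (reply.src, reply.sport, reply.dst) == (GW_EXT, 80, client)

def check(client, **kw):
    return client_accepts(client, round_trip(client, **kw))

if __name__ == "__main__":
    print("outside client:          ", check(WAN_CLIENT))
    print("inside client:           ", check(LAN_CLIENT))
    print("inside client, LAN masq: ", check(LAN_CLIENT, masq_lan_side=True))
```

In this model the inside client's connection never completes because the reply's source address does not match the address it connected to, which is consistent with the timeouts reported in the post.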
