/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */


        I have a masq'd machine behind an ipchains firewall (2.2.x kernel).
Using ipmasqadm portfw I am forwarding external http requests to this
server.  As expected this works great from the outside world.  However, from
within my masq'd network I cannot bring up the web site by referencing its
internal IP address.   The following is an excerpt from a thread in the
archives that I believe addresses the problem...

> With the above entries, from the outside network I can pull up the web
> server on the firewall.  However when I add the portfw command
> "ipmasqadm portfw -a -P tcp -L 216.37.28.196 80 -R 192.168.1.202 80"
> and telnet 216.37.28.196 80 the session hangs at "Trying
> 216.37.28.196..." and after several minutes "telnet:  Unable to
> connect to remote host:  Connection timed out"

>1.  Are you testing from inside your local LAN?  This will always fail,
>    because the kernel will notice that the packets come in one
>    interface, and then attempt to leave via the *same* interface.
>    That is not a valid forwarding method, so the kernel drops it.

        Is there any way to get around this so you can hit sites on your
masq'd machine as if you were on the outside?  I know I can split my DNS;
however, it would make things a lot easier administratively (and for testing)
if they acted the same. If this isn't possible in the current kernel, is it
being worked on for any future releases?  If not, any ideas who I could talk
to so that I could possibly help implement this?

Thanks...

Scott Brause
