On Monday 24 June 2002 3:12 pm, Paulo Andre wrote: > My problem is this... > A http request comes in on fw2 ip 196.25.31.195 DNAT's to server on lan > 172.1.1.1 > I can pick up the packet all the way to server and back until it comes to > fw1 ip 196.41.197.34, src=172.17.1.1 dst="pc requesting". > But the people on the outside can not see the web page. > Will the requesting pc have a problem if it requests a page from one ip and > gets a reply from another...????
Yes, it definitely will. I think your problem is that you have two firewalls, and you are DNATting packets on one of them, and then sending the replies back out through the other one, which of course does not do the corresponding "reverse" SNAT on the reply. You need to make sure that your route to the Internet (from the web server) points to the machine which accepts the incoming requests (ie the one with the public address on it). Antony.
