On Sun, Aug 25, 2002 at 06:43:23PM +0200, Anders Jarnberg wrote: > When I try to go to my dyndns address I get a connection refused. But > if I try to go to the same address via www.anonymizer.com it works, so > I'm figuring my own firewall is doing something to stop me.
I assume you mean that when you try to connect to port 80 of the firewall from within your local network, the connection doesn't get forwarded to web server. >From the -current man page: "Note that all translation rules apply only to packets that pass through the specified interface. For instance, redirecting port 80 on an external interface to an internal web server will only work for connections originating from the outside. Connections to the address of the external interface from local hosts will not be redirected, since such packets do not actually pass through the external interface. Redirections can't reflect packets back through the interface they arrive on, they can only be redirected to hosts connected to different interfaces or to the firewall itself." You could make the name server reply with the internal address for queries about the web server name that come from the internal net (search for 'split horizon dns' on google), or use a proxy/bouncer that can reflect the connections back into the LAN. Daniel
