Shorewall 3.2.6 Setup: Shorewall system with two interfaces, loc and net, pretty standard. Port 80 from the net is DNAT'd to a web server on the LAN, works fine.
Customer accesses the web server externally via IP address rather than DNS name (I know, I know). Wants to know if he can access it from the LAN using the same IP as he does externally.

I set up a DNAT rule to send externalIP:80 requests from the LAN to the web server on the LAN, but this fails (routeback is enabled). I suspect this is because the web server sees that the source address is on the LAN and thus it can reply directly; the user's PC sees the web response from a different IP to the one it sent it to and so ignores it. I can see the packets on the firewall from the user's PC being redirected to the webserver, but I see no replies, which supports the 'webserver replies directly' theory. Direct access to the web server via its real (LAN) IP works.

It almost seems that I want to NAT addresses from the LAN to the webserver on the LAN. Can that be done? Is there a better way?

Thanks,
Keith
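The standard Shorewall answer to the situation described in the post (sometimes called hairpin NAT) is to keep the DNAT for LAN clients and additionally SNAT those hairpinned connections to the firewall's own LAN address, so the web server's reply is forced back through the firewall instead of going straight to the client. The following is an added illustration, not configuration from the original post; the interface name eth1, the external address 203.0.113.10, the LAN 192.168.1.0/24, the firewall's LAN address 192.168.1.1 and the web server 192.168.1.10 are all assumed placeholder values.

```text
# /etc/shorewall/rules  (assumed addresses, see lead-in)
#ACTION   SOURCE   DEST                PROTO   DEST    SOURCE   ORIGINAL
#                                              PORT    PORT     DEST
# Existing port forward from the Internet
DNAT      net      loc:192.168.1.10    tcp     80      -        203.0.113.10
# LAN clients that connect to the external address get the same DNAT
DNAT      loc      loc:192.168.1.10    tcp     80      -        203.0.113.10

# /etc/shorewall/masq  (assumed addresses, see lead-in)
#INTERFACE          SOURCE            ADDRESS
# Only for LAN traffic whose (already DNATed) destination is the web server:
# rewrite the source to the firewall's LAN address so the server replies to
# the firewall, which un-NATs the reply before it reaches the client.
eth1:192.168.1.10   192.168.1.0/24    192.168.1.1

# /etc/shorewall/interfaces  (routeback on the LAN interface, as the post already has)
#ZONE   INTERFACE   BROADCAST   OPTIONS
loc     eth1        detect      routeback
```

The `INTERFACE:destination` qualifier in the masq entry restricts the SNAT to packets heading for the web server; masq is evaluated after DNAT, so matching on the internal server address is correct. After a `shorewall restart`, a hairpinned connection should show up in `shorewall show nat` (or `iptables -t nat -L -n`) as DNAT followed by SNAT, and reply packets should now be visible on the firewall where the post reports seeing none. One caveat worth knowing before adopting this: the web server will log 192.168.1.1 rather than the real client address for every LAN connection that used the external IP, which makes those hits harder to attribute; if that matters, the alternative is split DNS (or a hosts entry on the LAN clients) so internal clients resolve the name to 192.168.1.10 and no hairpin NAT is needed at all.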
