Keith Edmunds wrote:
> Shorewall 3.2.6
>
> Setup: Shorewall system with two interfaces, loc and net, pretty standard.
> Port 80 from the net is DNAT'd to a web server on the LAN, works fine.
>
> Customer accesses the web server externally via IP address rather than DNS
> name (I know, I know). Wants to know if he can access it from the LAN
> using the same IP as he does externally. I set up a DNAT rule to send
> externalIP:80 requests from the LAN to the web server on the LAN, but this
> fails (routeback is enabled). I suspect this is because the web server sees
> that the source address is on the LAN and thus it can reply directly; the
> user's PC sees the web response from a different IP to the one it sent it
> to and so ignores it. I can see the packets on the firewall from the
> user's PC being redirected to the webserver, but I see no replies, which
> supports the 'webserver replies directly' theory. Direct access to the web
> server via its real (LAN) IP works.
>
> It almost seems that I want to NAT addresses from the LAN to the webserver
> on the LAN. Can that be done? Is there a better way?
This is Shorewall FAQ 2.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
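Added example, not part of the original thread: a small Python model of the packet flow described in the question, showing why the client drops the reply when only DNAT is applied and why it accepts it when the firewall also rewrites the source to its own LAN address. All addresses, ports and names are constructed for illustration.

```python
# Constructed addresses (assumptions, not taken from the thread).
EXT_IP = "203.0.113.10"   # external address the customer types
FW_LAN = "192.168.1.254"  # firewall's LAN-side address
SERVER = "192.168.1.5"    # web server on the LAN
CLIENT = "192.168.1.20"   # user's PC on the LAN


class Firewall:
    """Minimal NAT box with per-flow connection tracking."""

    def __init__(self, snat_lan_to_lan):
        self.snat = snat_lan_to_lan
        self.conntrack = {}      # reply as sent by server -> reply as client expects it
        self.replies_seen = 0

    def forward(self, pkt):
        src, sport, dst, dport = pkt
        if dst == EXT_IP and dport == 80:            # DNAT: externalIP:80 -> server
            new_src = FW_LAN if self.snat else src    # optional source NAT, LAN -> LAN
            self.conntrack[(SERVER, 80, new_src, sport)] = (EXT_IP, 80, src, sport)
            return (new_src, sport, SERVER, 80)
        return pkt

    def reverse(self, pkt):
        self.replies_seen += 1
        return self.conntrack[pkt]                    # undo both translations


def fetch(snat_lan_to_lan):
    """Send one request from the LAN client to EXT_IP:80 and report the outcome."""
    fw = Firewall(snat_lan_to_lan)
    request = (CLIENT, 40000, EXT_IP, 80)
    at_server = fw.forward(request)
    # The server answers whatever source address it saw on the request.
    reply = (SERVER, 80, at_server[0], at_server[1])
    if reply[2] == FW_LAN:
        reply = fw.reverse(reply)                     # reply returns via the firewall
    # Otherwise the destination is on the server's own subnet: the reply is
    # delivered directly and the firewall never sees it.
    # The client only accepts a reply from the address:port it connected to.
    accepted = reply[:2] == request[2:] and reply[2:] == request[:2]
    return {"accepted": accepted, "reply_src": reply[0],
            "fw_saw_reply": fw.replies_seen > 0}


if __name__ == "__main__":
    print("DNAT only:   ", fetch(False))
    print("DNAT + SNAT: ", fetch(True))
```

The DNAT-only run matches the symptom reported above: the firewall forwards the request but never sees a reply.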
