Another point I forgot to make was that split horizon DNS is not the "cure all" as people suggest.
For example:

Public IP/Port: 123.45.67.89/80
Mapped to Private IP/Port: 192.168.0.1/81

Split horizon DNS *cannot* solve this problem. This *is* something we do (not with web ports, but with FTP sites we host, for example). Our solution to this one is to have some junk standalone box outside the NAT so we can remote desktop outside the NAT to test things from there-- (another thing I'd like to get rid of)..

Dimitri Rodis
Integrita Systems LLC

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 11:18 PM
Cc: [email protected]
Subject: Re: [pfSense Support] Accessing NATed services from behind the NAT

On 8/26/05, Dimitri Rodis <[EMAIL PROTECTED]> wrote:
> Put it this way:
>
> A $60 linksys router can do this (WRT54G with stock firmware, for
> example)... Why can't these expensive ones do it?

real simple - there's a HUGE difference between doing it for systems that only support one public IP and doing it for ones that support limitless ones. Big difference between something that supports all kinds of NAT, and something that butchers the term "DMZ" in everyone's head as port forwarding, its only real NAT support. (I'm a Cisco fan in general, but screw them for buying a company that's done something so stupid)

If it were a simple, easy fix that Linksys magically came up with, Cisco would have yanked it from its new little brother company and put it in the PIX. Even the latest, greatest brand spanking new PIX OS 7 doesn't support that. It does do automatic DNS translation though, if the DNS queries traverse the PIX, so it has its ways of eliminating the problem for DNS names.

It's something we'll see eventually. But in the case of a real hosting environment, you probably shouldn't be running NAT to your servers anyway. Put them off a routed public IP'ed interface to solve this.

or use your beloved Linksys. ;)

-cmb

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
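An added example, not part of the original thread: a small audit of a port-forward table that flags the public IPs a split horizon DNS override cannot cover, using the 123.45.67.89/80 to 192.168.0.1/81 mapping from the message above. It goes one step beyond that case by also flagging a public IP whose ports go to several internal hosts; the `Forward` type, the function name, and the 203.0.113.x rules are constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple


class Forward(NamedTuple):
    pub_ip: str
    pub_port: int
    priv_ip: str
    priv_port: int


# Constructed sample rules; only the first one comes from the message.
FORWARDS = [
    Forward("123.45.67.89", 80, "192.168.0.1", 81),
    Forward("203.0.113.10", 25, "192.168.0.5", 25),
    Forward("203.0.113.20", 80, "192.168.0.6", 80),
    Forward("203.0.113.20", 21, "192.168.0.7", 21),
]


def split_dns_gaps(forwards):
    """Return {public_ip: [reasons]} for IPs an internal DNS override cannot cover.

    An internal override answers a name with one private address and cannot
    change the port the client dials, so it only works when every forward on
    the public IP targets the same private host on the same port number.
    """
    by_ip = defaultdict(list)
    for f in forwards:
        by_ip[f.pub_ip].append(f)
    gaps = {}
    for pub_ip, rules in by_ip.items():
        reasons = [
            f"port {r.pub_port} is remapped to {r.priv_ip}:{r.priv_port}"
            for r in rules if r.pub_port != r.priv_port
        ]
        hosts = sorted({r.priv_ip for r in rules})
        if len(hosts) > 1:
            reasons.append("ports fan out to several hosts: " + ", ".join(hosts))
        if reasons:
            gaps[pub_ip] = reasons
    return gaps


if __name__ == "__main__":
    for ip, reasons in split_dns_gaps(FORWARDS).items():
        for reason in reasons:
            print(f"{ip}: split DNS alone will not work ({reason})")
```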
