Ian Kilgore wrote:
> On Tue, Sep 12, 2006 at 05:04:21PM -0400, Brian McCullough wrote:
>> You are on your LAN, with a private IP, 192.168.123.456,
> Well, there's your problem.
> /me runs

Yeah, I'm glad I'm not the only one who was cringing at those .456 and
.789 IP addresses. :)

So this post isn't entirely useless - my gut instinct is that the
problem is related to the "u-turn" problem as described, but I'm at a
loss to explain precisely the internals of why. Assuming the NAT
implementation is anything close to *sane* on the embedded router, this
really shouldn't be a problem. Then again, don't trust the Chinese or
Korean guy who wrote the firmware to have done a sensible job on his
first programming project. The short version of the solution would be
"don't do that". Use a Linux firewall, set up split DNS views, and that
way the traffic isn't doing anything foolish, and if it does, it's going
through a sensible iptables implementation that can deal with it. But
maybe that's just me. :)
Aaron S. Joyner