Thanks, Eric, for your insightful analysis.

On Wed, Nov 20, 2002 at 03:00:23PM -0500, Eric Zuck wrote:
> I think your basic setup for testing is flawed.
>
> You are trying to test going through a firewall by going from a local
> network, out to the internet, back in through the WAN side of your firewall,
> and on to your second box (on the same LAN).
>
> If this is not what you're trying to do, ignore most of what follows, as I
> clearly misunderstood what you're trying :-)

You got it. A local site set up to test before going out into The Field.

> ====> packet is forwarded. Note that source address would be 'ss00'
> dest address has likely been changed by firewall to 'qgw'
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

/That/ looks like the key point. I give a package to the office
mail-person addressed to Jim who sits next to me. Mail-person does not
take it to the Post Office, they give it direct to Jim. Except, Jim was
expecting a package with an external post-mark not a 'by-hand' sticker.

> ====> 'ss0' sees that 'qgw' is on local LAN, so will send directly back to
> 'qgw'. So it does an ARP request

Damn computers trying to be helpful again.

> ,.. since the traffic is
> destined for an internal address it appears to your firewall that the
> connection is one initiated from an external address===> in this case it
> will not translate the source address.

Freesco includes a small web server and their docs do, as I recall, say
that that server should not be accessed from the inside by its external
IP. Same scenario.

> Clear as mud.

Well actually it does make a kind of sense. And it was a slightly out of
the ordinary situation. (Makes me smile to think how far those signals
travelled, in order to land on a box physically three inches away! B-) )

> To test your setup, you're going to have to move the second system off the
> local LAN.

Yup. On the phone already.

> Regards,
> -EricZ

Thanks!
Victor

-- 
Victor Churchill, Bournemouth, UK 01202 779643 07970 844083
