IPFW/NATD: Client behind firewall connecting to server behind firewall AS IF it were really EXTERNAL
chris.ahlers at mail-space.net
Tue Apr 15 18:49:50 PDT 2003
I have successfully implemented NAT w/ dynamic rules on my firewall, and
have a question about a SPECIAL case that I would like to implement.
Everything works for external (internet) hosts coming in to my internal
(NAT-ed, behind firewall) webserver.
Everything works for my client PCs to access the internet, etc.
I will spare everybody the typical and predictable rulesets that
everybody uses in common; instead I will only give the relevant
information for the discussion.
firewall external IP = a.a.a.15 (internet ip address)
firewall internal IP = b.b.b.254 (private ip address)
NATD: alias_address = a.a.a.15
NATD: redirect_port tcp b.b.b.100:80 80
NATD: deny_incoming
webserver internal IP = b.b.b.100
example client PC IP = b.b.b.57
client PC gateway IP = b.b.b.254 (firewall)
QUESTION:
So, EXTERNAL hosts will connect to a.a.a.15 to connect to my webserver,
and the nat/redirect happens just fine.
However, INTERNAL hosts are unable to connect to my webserver via
a.a.a.15 (since this is not actually the webserver's address).
How can I get an internal host to connect to my internal webserver as if
the webserver were actually at the external IP?
BEFORE anybody starts recommending that I simply just point the internal
host directly at the internal webserver
OR
that I change my DNS config to have an inside view, etc., I would like
to point out that my $75 Linksys router will do EXACTLY what I am asking
for automatically.
It seems that when the internal client PC attempts to connect I have to
NAT the external webserver IP to the INTERNAL IP, then NAT & connect on
behalf of the client PC.
Any suggestions?
C_Ahlers
code-space.com
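The two-step rewrite the poster describes (destination NAT of a.a.a.15:80 to b.b.b.100:80, plus source NAT so the reply comes back through the firewall) modelled as an added example; this is constructed illustration code using the addresses from the post, not natd or ipfw code, and the client port 51000 and the firewall's ephemeral range starting at 40000 are assumptions.

```python
"""Hairpin (NAT loopback) translation modelled for the scenario in the post.

Constructed example: an internal client (b.b.b.57) dials the external alias
a.a.a.15:80, which redirect_port maps to the internal webserver b.b.b.100:80.
With destination NAT alone the server answers b.b.b.57 directly on the LAN, so
the reply never crosses the firewall and arrives from the wrong address.
"""
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

ALIAS_IP, ALIAS_PORT = "a.a.a.15", 80   # firewall external IP (from the post)
SERVER = ("b.b.b.100", 80)              # redirect_port target (from the post)
FW_INT_IP = "b.b.b.254"                 # firewall internal IP (from the post)


class HairpinNat:
    def __init__(self, snat=True):
        self.snat = snat
        self.table = {}          # (translated src, sport) -> original (src, sport)
        self.next_port = 40000   # assumed ephemeral port range for source NAT

    def forward(self, p):
        """Client -> server: DNAT alias to server; optionally SNAT client to firewall."""
        if (p.dst, p.dport) != (ALIAS_IP, ALIAS_PORT):
            return p
        src, sport = p.src, p.sport
        if self.snat:
            src, sport = FW_INT_IP, self.next_port
            self.next_port += 1
            self.table[(src, sport)] = (p.src, p.sport)
        return Pkt(src, sport, *SERVER)

    def reverse(self, p):
        """Server -> client: undo both rewrites if the flow is in the table."""
        orig = self.table.get((p.dst, p.dport))
        if orig is None:
            return None
        return Pkt(ALIAS_IP, ALIAS_PORT, *orig)


def server_reply(p):
    return Pkt(p.dst, p.dport, p.src, p.sport)


def client_sees_reply(snat):
    """True when the reply reaches the client from the address it dialled."""
    nat = HairpinNat(snat)
    req = Pkt("b.b.b.57", 51000, ALIAS_IP, ALIAS_PORT)  # assumed client port
    reply = server_reply(nat.forward(req))
    if reply.dst != FW_INT_IP:      # reply bypasses the firewall: never un-NATed
        return False
    back = nat.reverse(reply)
    return back is not None and (back.src, back.sport) == (ALIAS_IP, ALIAS_PORT) and back.dst == req.src
```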