
Re: Problem with rdr



On Tue, 2003-12-23 at 20:08, Teren wrote:
> Any computer not on that network can access port 81 from the
> external internet, but, any computer behind the nat cannot access it by the
> domain/real IP, computers behind the nat can only access port 81 by typing
> in the webserver's IP (10.20.0.2) because it would appear the rdr rules are
> not working if someone behind the nat tries to use them. Any ideas how to
> fix that? Thanks again
> 
> Teren

Perhaps because those machines are directly connected on the switch and
their traffic doesn't pass through the firewall at all?

Your machines on the trusted net should not be accessing your servers
via the global (Internet routeable) IP, because that would mean traffic
is going from inside, to outside, to back inside again.  Antispoof
should prevent that, and rightly so.

If you want to use DNS to access machines with private IPs, you need to
set up a split DNS zone that will give different answers to inside
clients.

-- 
Brian Keefer, CISSP
Senior Field Engineer, Professional Services
CipherTrust Inc, www.CipherTrust.com
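
The split DNS setup Brian recommends, worked through as an added example
that is not part of the original thread: a BIND 9 named.conf fragment with
two views of the same zone, plus the two zone files that differ only in the
address handed out for the web server. The domain example.com, the public
address 192.0.2.10 and the inside network 10.20.0.0/16 are assumptions; the
web server's private address 10.20.0.2 is the one from the thread. Inside
clients get the private address and reach port 81 directly; everyone else
gets the global address and goes through the firewall's rdr rule as before.

```conf
// named.conf (fragment). Views are tried in order; the first match-clients
// that matches the querying address wins. Once views are used, every zone
// must be declared inside a view.
// Assumed: example.com, public address 192.0.2.10, inside net 10.20.0.0/16.
acl inside { 10.20.0.0/16; 127.0.0.1; };

view "inside" {
    match-clients { inside; };
    recursion yes;                  // inside hosts may use this server as resolver
    zone "example.com" {
        type master;
        file "zones/example.com.inside";
    };
};

view "outside" {
    match-clients { any; };         // everything not matched by the view above
    recursion no;                   // authoritative answers only for the Internet
    zone "example.com" {
        type master;
        file "zones/example.com.outside";
    };
};

; zones/example.com.inside  (served to 10.20.0.0/16 only)
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2003122301 3600 900 604800 300 )
        IN NS   ns1.example.com.
ns1     IN A    10.20.0.1
www     IN A    10.20.0.2       ; private address: no trip out through the firewall

; zones/example.com.outside  (served to everyone else)
$TTL 3600
@       IN SOA  ns1.example.com. hostmaster.example.com. (
                2003122301 3600 900 604800 300 )
        IN NS   ns1.example.com.
ns1     IN A    192.0.2.10      ; assumed global address of the firewall
www     IN A    192.0.2.10      ; assumed global address; rdr on port 81 maps it to 10.20.0.2
```

Keep the serial numbers of both files in step when you change a record, and
check the result from both sides (dig @ns1 www.example.com from an inside
host and from an outside one) so that a client that accidentally lands in
the wrong view is noticed before it shows up as "port 81 doesn't work".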
