Chip Burke wrote on 05/10/2005 13:59:01:
> I am using the DNAT workaround so as to not have to update DNS. The
> problem I find I am having is that in testing everything works fine.
> As soon as I drop the firewall into production, I can't get the
> traffic from inside to hit the servers inside. For instance, I have a
> DNAT rule to put 66.193.183.7 to an internal host 192.168.15.7. From
> the outside I am fine. From inside, it bombs out. But I know that the
> rules are right as I have tested the box in the lab with the same
> rules pointing to other servers and it works. However, it seems some
> servers bomb out on the redirected traffic. I used a junko Linksys
> router just to test HTTP traffic going to its management interface.
> That did not work. However, when I put a network printer with an HTTP
> management server in it, the redirect works fine. The only thing I can
> fathom is that some servers are thinking the traffic is spoofed or
> something along those lines. Any ideas as to what a fix for this is?

Perhaps you could use a DNS with views? On the internal LAN, the addresses
answered would be private. On the internet, your DNS would answer with
the public address?
--
Eduardo Ferreira
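
The split DNS suggested in the reply above, sketched as BIND 9 views; this is an added example, not part of the original thread. BIND itself, the zone name example.com, the host name www, the /24 netmask and the file paths are assumptions; only the two addresses come from the thread.

```conf
// named.conf fragment (BIND 9). Assumed names: zone "example.com",
// internal LAN 192.168.15.0/24, zone files under /etc/bind/.
acl "internal-lan" {
    127.0.0.1;
    192.168.15.0/24;    // assumed netmask around the 192.168.15.7 host
};

// Views are evaluated in order and the first match wins,
// so the internal view must come before the catch-all one.
view "internal" {
    match-clients { "internal-lan"; };
    recursion yes;      // LAN clients may resolve outside names through this server
    zone "example.com" {
        type master;
        file "/etc/bind/internal/db.example.com";
    };
};

view "external" {
    match-clients { any; };
    recursion no;       // authoritative answers only for Internet clients
    zone "example.com" {
        type master;
        file "/etc/bind/external/db.example.com";
    };
};

// Once any view is defined, every zone statement must live inside a view.
//
// The two zone files share SOA/NS records and differ only in the address:
//   internal/db.example.com:   www   IN  A   192.168.15.7
//   external/db.example.com:   www   IN  A   66.193.183.7
```

With this in place, inside clients connect to 192.168.15.7 directly, so their traffic never has to pass through the firewall's DNAT rule.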