On Fri, 2002-01-18 at 14:50, David Talkington wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> David Talkington wrote:
>
> >Dave Wreski wrote:
> >
> >>> Now, however, the systems behind the firewall can't access the sites
> >>> on the server...ie, workstation at 192.168.0.3 can't access any of the
> >>> sites hosted on 192.168.0.1, because the DNS entries for those sites
> >>> point them back outside the firewall...it would seem that, while the
> >>> outside world can get through the firewall to get the sites, with no
> >>> problem, the machines behind the firewall can't go outside the
> >>> firewall and then back in.
> >>
> >>Sounds like you'll need to create a separate domain to refer to your web
> >>server by the internal hosts, if I understand your problem correctly.
> >
> >Interesting puzzle. That was my thought, too, Dave, but I'm having
> >trouble seeing why there should be a routing problem as it is. The
> >hop will be all the way out (at least) to his ISP's router, but I'm
> >not sure I see why this is causing a problem, except for the obvious
> >performance hit. The NAT setup will just cause the router to think
> >that his client is trying to connect back to port 80 on itself, which
> >it should happily do.
>
> Duh. No, I'm loopy. The packet never leaves the network, because his
> gateway thinks it's a local destination. I see now that the problem
> is that the ruleset for forwarding back to the DNAT'ted server only
> works for connections hitting the external interface. What the OP
> needs, then, is some iptables tweaking to properly forward requests
> from the private net, and then it should work fine without DNS
> hassles.
>
> Yes? Or do I need still more coffee?

This is exactly what I was thinking. But one can always use more coffee.

Mike,

Why don't you post your rules so we can look at them and David can fix
them :)

I saw a reference recently that explained the path through these filters
but can't remember where.

Bret

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
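
The "iptables tweaking" discussed in the thread is usually called NAT loopback or hairpin NAT. The following is an added example, not part of the original messages and not the poster's ruleset; the public IP, interface name and gateway LAN address are constructed placeholders, and only 192.168.0.1 and the 192.168.0.x LAN come from the thread.

```shell
#!/bin/sh
# Added example: emit iptables rules for NAT loopback ("hairpin NAT").
# Values marked "assumed" are constructed for illustration.

PUBLIC_IP="203.0.113.10"   # assumed: address the public DNS names resolve to
LAN_NET="192.168.0.0/24"   # LAN implied by the thread's 192.168.0.x hosts
LAN_IF="eth1"              # assumed: gateway's internal interface
GW_LAN_IP="192.168.0.254"  # assumed: gateway's address on the LAN
WEB_SERVER="192.168.0.1"   # web server from the thread
PORT="80"

# Print the rules rather than applying them, so they can be reviewed first.
hairpin_rules() {
    # 1. LAN clients connecting to the public IP are redirected to the
    #    server. A DNAT rule that matches only the external interface
    #    never sees these packets.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $PUBLIC_IP -p tcp --dport $PORT -j DNAT --to-destination $WEB_SERVER:$PORT"

    # 2. Rewrite the source to the gateway's LAN address. Without this the
    #    server answers the client directly from 192.168.0.1, the client
    #    expected a reply from the public IP, and the connection is reset.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $WEB_SERVER -p tcp --dport $PORT -j SNAT --to-source $GW_LAN_IP"

    # 3. Permit the redirected traffic in the FORWARD chain. Return packets
    #    are assumed to be covered by an existing ESTABLISHED,RELATED rule.
    echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $WEB_SERVER -p tcp --dport $PORT -j ACCEPT"
}

hairpin_rules
```

Because of the SNAT rule, the web server's access log records the gateway's LAN address for every internal client; the separate internal DNS name suggested earlier in the thread avoids that at the cost of maintaining two sets of records.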