On 1/15/19 11:54 AM, Brian J. Murrell wrote:
> If I have a Shorewall gateway doing NAT to the Internet for an RFC-1918
> LAN behind it, should I be able to communicate to services that are on
> the LAN through the gateway's external IP address from hosts on the
> same LAN assuming there is DNAT policy successfully allowing external
> hosts to communicate with internal services?

No -- See Shorewall FAQ 2 (http://www.shorewall.net/FAQ.htm#faq2)

>
> To explain, if I have a web server on the LAN that has a DNAT rule in
> Shorewall allowing hosts on the Internet-side to reach it via
> Shorewall's external IP, should hosts on the LAN be able to reach it by
> the same Shorewall external IP?

No -- again, see the above FAQ.

>
> If the answer is yes for a simple[r] service above like HTTP, should it
> work equally well for SIP? If I have a SIP server on the LAN and when
> the SIP server is INVITEing a SIP client on the LAN with an SDP payload
> specifying the external IP for the media session, should the client on
> the LAN be able to contact the SIP server on the Shorewall external IP
> and port specified in the SDP and get that media session routed back
> into the SIP server successfully?

No -- again, see the above FAQ.

>
> For the above, it is safe to assume that SIP NAT traversal is working
> successfully for hosts that are fully on the Internet-side of the
> Shorewall gateway and media sessions get set up so that there is fully
> functioning two-way audio.
>

Yes. Some of the other sub-FAQs of FAQ 2 discuss other aspects of this
issue.

-Tom
--
Tom Eastep        \   Q: What do you get when you cross a mobster with
Shoreline,         \     an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \   understand
                      \_______________________________________________