To: freebsd-questions@FreeBSD.ORG
From: jdroflet@canada.com
Subject: natd ip redirect confuses Java server behind the firewall.
Date: Thu, 09 Jan 2003 20:50:52 -0800 (PST)

A bit long...

FreeBSD 4.3 running with IPFW and NATD. One of the IP addresses is redirected to the apache/tomcat/java server:

    "redirect_address 10.150.0.24 a.b.c.d"

No other fancy proxy stuff or fw rules. Clients on the internal network have no problems with the internal server. Access to the internal server from the Internet works fine except for some java calls.

Java server is: HP-UX 11, Apache 1.3, Tomcat, Java.

The Java support person sent this reply to our query:

> You'll probably want to get together with your network architect (me) and have
> him sniff the packets you are sending/receiving to see the origination and
> destination addresses. Either the firewall is restricting the IP address,
> or the address is being translated incorrectly.

He went on to describe how another client had a similar problem with a load balancer and that when they turned off NAT it worked fine - not an option in this situation.

I tcpdumped the inside card of the firewall and can see the point where the java server attempts to send a request for information from its own redirected public IP. It goes like this.

Internet client:     w.x.y.z
Firewall public IP:  a.b.c.d (redirected to the inside java box)
Inside Java IP:      10.150.0.24

Keep in mind I'm sniffing the inside card of the firewall, so 'in what little is left of my mind' everything is translated already.

Client initiates:
    TO: 10.150.0.24  from: w.x.y.z

Client gets onto the web pages fine, then attempts to run one of the java reports:
    TO: 10.150.0.24  from: w.x.y.z

The server was then doing its reflux thing, which tried to get further java/url stuff from whatever server the client initiated:
    To: a.b.c.d  from: 10.150.0.24   <= Java box attempts to 'reach' its public IP.

At this point the client gets an error 'Form not found'.

So, is this really a NATD problem, or could it actually be a problem in one of the Java server configs? And if so, where do I look? I'm neither an Apache Tomcat nor a Java expert. I tried aliasing the public IP on the Java box but that didn't help.

Thanks in advance,
J
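As an added illustration (not part of J's post or of FreeBSD's natd), the script below takes a natd `redirect_address` entry and tcpdump-style summary lines captured on the firewall's inside interface, and flags the flow the post describes: the redirected inside host addressing its own public IP, which natd will not translate back to itself. The addresses are constructed stand-ins (203.0.113.10 for a.b.c.d, 198.51.100.7 for w.x.y.z) and the capture lines are made up for the example.

```python
import re
from typing import Dict, List

# Constructed natd.conf fragment; 203.0.113.10 stands in for the post's a.b.c.d.
NATD_CONF = """
redirect_address 10.150.0.24 203.0.113.10
"""

# Constructed tcpdump-style lines as seen on the firewall's inside interface.
# 198.51.100.7 stands in for the Internet client w.x.y.z.  The last two lines
# are the hairpin: the Java box sending to its own public address.
CAPTURE = """
IP 198.51.100.7.41022 > 10.150.0.24.80: S 0:0(0) win 5840
IP 10.150.0.24.80 > 198.51.100.7.41022: S 0:0(0) ack 1 win 5840
IP 10.150.0.24.45010 > 203.0.113.10.80: S 0:0(0) win 5840
IP 10.150.0.24.45011 > 203.0.113.10.8080: S 0:0(0) win 5840
"""

# "IP <src>.<sport> > <dst>.<dport>:" -- backtracking splits the last dotted field off as the port.
LINE_RE = re.compile(r"^IP (\S+)\.(\d+) > (\S+)\.(\d+):")


def parse_redirects(conf: str) -> Dict[str, str]:
    """Map inside address -> public address from redirect_address lines."""
    redirects: Dict[str, str] = {}
    for line in conf.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == "redirect_address":
            redirects[fields[1]] = fields[2]
    return redirects


def find_hairpin_flows(capture: str, redirects: Dict[str, str]) -> List[dict]:
    """Return flows where a redirected inside host sends to its own public address."""
    hits = []
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, _sport, dst, dport = m.groups()
        if redirects.get(src) == dst:
            hits.append({"src": src, "dst": dst, "dport": int(dport)})
    return hits


if __name__ == "__main__":
    for hit in find_hairpin_flows(CAPTURE, parse_redirects(NATD_CONF)):
        print(f"hairpin: {hit['src']} -> its own public {hit['dst']} port {hit['dport']}")
```

A hit here points at the application configuration (the server handing out or dereferencing its public address) rather than at the client side, which matches what the inside-interface dump in the post shows.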