Date: Fri, 10 Jan 2003 12:59:54 +0100
From: Roman Neuhauser <neuhauser@bellavista.cz>
To: jdroflet@canada.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd ip redirect confuses Java server behind the firewall.
Message-ID: <20030110115954.GM1196@freepuppy.bellavista.cz>
In-Reply-To: <20030109205053.16182.h002.c009.wm@mail.canada.com.criticalpath.net>
References: <20030109205053.16182.h002.c009.wm@mail.canada.com.criticalpath.net>

# jdroflet@canada.com / 2003-01-09 20:50:52 -0800:
> A bit long...
indeed :)
> FreeBSD 4.3 running with IPFW and NATD
> One of the IP addresses is redirected to the apache/tomcat/java server.
> "redirect_address 10.150.0.24 a.b.c.d"
> No other fancy proxy stuff or fw rules.
>
> Clients on the internal network have no problems with the internal server.
> Access to the internal server from the Internet works fine except for some java
> calls.
> I tcpdumped the inside card of the firewall and can see the point where the
> java server attempts to send a request for information from its own re-directed
> public IP. It goes like this.
>
> Internet client: w.x.y.z
> Firewall public IP: a.b.c.d redirected to the inside java box.
> inside Java IP: 10.150.0.24
>
> Keep in mind I'm sniffing the inside card of the firewall so 'in what little is
> left of my mind' everything is translated already.
> Client initiates:
> TO: 10.150.0.24
> from: w.x.y.z
> Client gets onto the web pages fine then attempts to run one of the java
> reports.
> TO: 10.150.0.24
> from: w.x.y.z
>
> The server was then doing its reflux thing which tried to get further
> java/url stuff from whatever server the client initiated
> To: a.b.c.d
> from: 10.150.0.24 <= Java box attempts to 'reach' its public IP.
"reach its public ip"? 10.150.0.24 is the *private* ip, isn't it?
> At this point the client gets an error 'Form not found'
what packets does the *client* see? IOW, what goes *out* from the
outside interface? the packet headers are obviously translated fine,
but maybe the server sends it its IP in the data?
> So, is this really a NATD problem or could it actually be a problem in one of
> the Java server configs ?
i would think so.
> And if so where do I look, I'm neither an Apache tomcat or java
> expert.
doesn't look like an apache problem. either tomcat or the java app.
--
If you cc me or remove the list(s) completely I'll most likely ignore
your message. see http://www.eyrie.org./~eagle/faqs/questions.html
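
The check suggested in the reply (does the server put an IP address into the data, where address translation of packet headers does not reach it?) can be run over a captured HTTP response. This is an added example, not part of the original thread; the sample response is constructed, and 203.0.113.10 is a placeholder standing in for the public address a.b.c.d.

```python
import ipaddress
import re

# Constructed sample of a reply from the box behind the redirect.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://10.150.0.24:8080/reports/form.jsp\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b'<html><body><a href="http://203.0.113.10/reports/run">run</a>\n'
    b'<applet codebase="http://10.150.0.24/classes/"></applet></body></html>\n'
)

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also flags
# documentation ranges such as 203.0.113.0/24, which would misclassify
# the placeholder public address used here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# A dotted quad that is not part of a longer dotted number.
IPV4 = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def embedded_addresses(raw, public_alias):
    """Return (section, address, kind) for each relevant IPv4 literal.

    kind is "private" (an outside client cannot reach it) or
    "public-alias" (fine from outside, but the inside server must be
    able to reach its own redirected address to follow it).
    """
    alias = ipaddress.ip_address(public_alias)
    head, _, body = raw.partition(b"\r\n\r\n")
    findings = []
    for section, data in (("header", head), ("body", body)):
        for match in IPV4.finditer(data):
            try:
                addr = ipaddress.ip_address(match.group(1).decode("ascii"))
            except ValueError:
                continue  # looks like a dotted quad but is not an address
            if addr == alias:
                findings.append((section, str(addr), "public-alias"))
            elif any(addr in net for net in RFC1918):
                findings.append((section, str(addr), "private"))
    return findings


if __name__ == "__main__":
    for section, addr, kind in embedded_addresses(SAMPLE_RESPONSE, "203.0.113.10"):
        print(f"{section:6} {addr:15} {kind}")
```
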
