Date: Fri, 10 Jan 2003 12:59:54 +0100
From: Roman Neuhauser
To: jdroflet@canada.com
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd ip redirect confuses Java server behind the firewall.
Message-ID: <20030110115954.GM1196@freepuppy.bellavista.cz>
In-Reply-To: <20030109205053.16182.h002.c009.wm@mail.canada.com.criticalpath.net>

# jdroflet@canada.com / 2003-01-09 20:50:52 -0800:
> A bit long...

indeed :)

> FreeBSD 4.3 running with IPFW and NATD
> One of the IP addresses is redirected to the apache/tomcat/java server.
> "redirect_address 10.150.0.24 a.b.c.d"
> No other fancy proxy stuff or fw rules.
>
> Clients on the internal network have no problems with the internal server.
> Access to the internal server from the Internet works fine except for some java
> calls.
> I tcpdumped the inside card of the firewall and can see the point where the
> java server attempts to send a request for information from its own re-directed
> public IP. It goes like this.
>
> Internet client: w.x.y.z
> Firewall public IP: a.b.c.d redirected to the inside java box.
> inside Java IP: 10.150.0.24
>
> Keep in mind I'm sniffing the inside card of the firewall so 'in what little is
> left of my mind' everything is translated already.
> Client initiates:
> TO: 10.150.0.24
> from: w.x.y.z
> Client gets onto the web pages fine then attempts to run one of the java
> reports.
> TO: 10.150.0.24
> from: w.x.y.z
>
> The server was then doing its reflux thing which tried to get further
> java/url stuff from whatever server the client initiated
> To: a.b.c.d
> from: 10.150.0.24 <= Java box attempts to 'reach' its public IP.

"reach its public ip"? 10.150.0.24 is the *private* ip, isn't it?

> At this point the client gets an error 'Form not found'

what packets does the *client* see? IOW, what goes *out* from the
outside interface? the packet headers are obviously translated fine, but
maybe the server sends it its IP in the data?

> So, is this really a NATD problem or could it actually be a problem in one of
> the Java server configs ?

i would think so.

> And if so where do I look, I'm neither an Apache tomcat or java
> expert.

doesn't look like an apache problem. either tomcat or the java app.

-- 
If you cc me or remove the list(s) completely I'll most likely
ignore your message.    see http://www.eyrie.org./~eagle/faqs/questions.html
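
Added example, not part of the original message: one way to check the question raised above (does the server put its own address in the data?) is to scan a response captured on the outside interface for absolute URLs naming a host other than the one the client requested. The sample response, port 8080, www.example.com and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Absolute URLs anywhere in the response: Location headers, href/src/action values.
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample response; www.example.com stands in for the public name/address.
SAMPLE_RESPONSE = """\
HTTP/1.1 302 Found
Location: http://10.150.0.24:8080/reports/run?id=7
Content-Type: text/html

<html><body><a href="http://www.example.com/reports/">back</a>
<form action="http://10.150.0.24:8080/reports/form"></form></body></html>
"""

def embedded_hosts(response_text):
    """Return the set of hosts named in absolute URLs in a raw HTTP response."""
    hosts = set()
    for url in URL_RE.findall(response_text):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.add(host)
    return hosts

def classify(response_text, requested_host):
    """Split embedded hosts into RFC 1918 addresses and other hosts the client did not ask for."""
    private, other = set(), set()
    for host in embedded_hosts(response_text):
        if host == requested_host.lower():
            continue  # same host the client used, so NAT is transparent here
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            addr = None  # a hostname, not an IP literal
        if addr is not None and any(addr in net for net in RFC1918):
            private.add(host)  # NAT rewrites packet headers, never this payload text
        else:
            other.add(host)
    return private, other

if __name__ == "__main__":
    private, other = classify(SAMPLE_RESPONSE, "www.example.com")
    print("private addresses sent to the client:", sorted(private))
    print("other hosts the client is pointed at:", sorted(other))
```

A non-empty first set means the application builds URLs from its own interface address, which an Internet client cannot reach regardless of how natd translates the headers.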