From: wolf
Date: Thu, 10 Oct 2002 17:22:21 -0400
To: Nick Rogness
Cc: Marc Hunter, freebsd-questions@freebsd.org
Subject: Re: ipfw and natd during internal to internal access ...
Message-ID: <3DA5EF8D.6040108@hq.dyns.cx>
References: <20021010151502.D2374-100000@skywalker.rogness.net>

You might try freebsd-hackers or freebsd-stable mailing lists. They are
more technically oriented for things like this.

Nick Rogness wrote:

> On Thu, 10 Oct 2002, Marc Hunter wrote:
>
>>Hi,
>>
>>We have just implemented an ipfw and natd firewall and generally it
>>works great. We are using natd for traffic going out and to redirect
>>outside traffic on port 80 to a particular webserver. However, when a
>>machine within the network attempts to access the web server through its
>>external address (using the domain name for instance) it doesn't work.
>>
>>Is there some special trick to deal with this?
>>
>
> Yeh, run an internal DNS server which resolves the site
> differently on the inside of your network to the internal address.
>
> Any other workaround is considered shitty by most people, like:
>
>     ipfw divert natd all from any to any via $outside_int
>     ipfw divert natd all from any to any via $inside_int
>
> However, this would probably work [not sure].
>
> Nick Rogness
> - WARNING TO ALL PERSONNEL:
>   Firings will continue until morale improves.
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
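
The internal DNS approach suggested in the quoted reply, sketched as a BIND 9 `named.conf` using views. This is an added example, not part of the original thread: it assumes BIND 9 (which supports `view`), and the zone name, file paths, LAN range and addresses are constructed placeholders.

```conf
// Split-horizon DNS: LAN clients get the web server's internal address,
// everyone else gets the public address that natd redirects on port 80.
// All names and addresses below are constructed placeholders.

acl "lan" {
    127.0.0.1;
    192.168.1.0/24;          // hypothetical internal network
};

options {
    directory "/etc/namedb";
};

// Views are matched in order, so the LAN view must come first.
view "inside" {
    match-clients { "lan"; };
    recursion yes;           // LAN clients may resolve external names here

    zone "example.com" {
        type master;
        file "inside/example.com.db";
        // inside/example.com.db would contain, e.g.:
        //   www  IN  A  192.168.1.10    ; web server's internal address
    };
};

view "outside" {
    match-clients { any; };
    recursion no;            // do not act as an open resolver for the Internet

    zone "example.com" {
        type master;
        file "outside/example.com.db";
        // outside/example.com.db would contain, e.g.:
        //   www  IN  A  203.0.113.10    ; public address on the natd box
    };
};
```

With this in place, internal hosts that use this server as their resolver connect to the web server directly, so the traffic never has to pass through natd. Once any `view` is defined, every zone must live inside a view, and `named-checkconf` will flag a zone left outside.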