From owner-freebsd-questions Fri Jan 10 19:35:19 2003
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
    by hub.freebsd.org (Postfix) with ESMTP id AE05037B401
    for ; Fri, 10 Jan 2003 19:35:17 -0800 (PST)
Received: from c009.snv.cp.net (h017.c009.snv.cp.net [209.228.34.130])
    by mx1.FreeBSD.org (Postfix) with SMTP id ADC6343F18
    for ; Fri, 10 Jan 2003 19:35:11 -0800 (PST)
    (envelope-from jdroflet@canada.com)
Received: (cpmta 2031 invoked from network); 10 Jan 2003 19:35:11 -0800
Received: from 209.228.34.125 (HELO mail.canada.com.criticalpath.net)
    by smtp.canada.com (209.228.34.130) with SMTP; 10 Jan 2003 19:35:11 -0800
X-Sent: 11 Jan 2003 03:35:11 GMT
Received: from [65.92.126.78] by mail.canada.com with HTTP;
    Fri, 10 Jan 2003 19:35:09 -0800 (PST)
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
To: freebsd-questions@FreeBSD.ORG
Cc: freebsd-questions@FreeBSD.ORG
From: jdroflet@canada.com
Subject: Re: natd ip redirect confuses Java server behind the firewall.
X-Sent-From: jdroflet@canada.com
Date: Fri, 10 Jan 2003 19:35:09 -0800 (PST)
X-Mailer: Web Mail 5.1.2-0_sol28
Message-Id: <20030110193511.10104.h012.c009.wm@mail.canada.com.criticalpath.net>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

snip

> > loads the web pages fine then attempts to run one of the java
> > reports.
> > TO: 10.150.0.24
> > from: w.x.y.z
> >
> > The server was then doing its reflux thing which tried to get further
> > java/url stuff from whatever server the client initiated
> > To: a.b.c.d
> > from: 10.150.0.24 <= Java box attempts to 'reach' its public IP.
>
> "reach its public ip"? 10.150.0.24 is the *private* ip, isn't it?

Yes, the 10. private address of the java box sends packets to the
address that is his alias on the public side.
The java box should never try to do this, in my mind (very little of it
left now:) java should not even know what its public address is unless
Natd is not working properly, and if that were the case I'd think to have
found something about such a problem during my day of searching the net.
The statement about the 'reflux' above was made by the java support
person, and I think he's saying that it is the client providing the IP
address to the java box in its call for the report, and java box is too
dumb (read config file problem ?) to know it should be asking itself.

> > At this point the client gets an error 'Form not found'
>
> what packets does the *client* see? IOW, what goes *out* from the
> outside interface? the packet headers are obviously translated fine,
> but maybe the server sends it its IP in the data?

The firewall won't send those packets on because it's set to stop
spoofing on the inside interface.
"add deny all from ${onet}:${omask} to any in via ${iif}"

> > So, is this really a NATD problem or could it actually be a problem in one of
> > the Java server configs ?
>
> i would think so.
>
> > And if so where do I look, I'm neither an Apache tomcat or java
> > expert.
>
> doesn't look like an apache problem. either tomcat or the java app.

I don't know much about either and Mr. Java support guy says it's my NAT
on the firewall. If anyone knows which file I should look in first I'd
really appreciate it.

>
> --
> If you cc me or remove the list(s) completely I'll most likely ignore
> your message. see http://www.eyrie.org./~eagle/faqs/questions.html
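
The check raised in the quoted reply (does the server send an IP address in the data, not just in the packet headers?) can be run against a captured HTTP response. The script below is an added example, not part of the original message: the sample response is constructed, and 192.0.2.10 is a placeholder for the public alias written as a.b.c.d in the thread.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample of what the inside server might return to a client.
# 192.0.2.10 is a placeholder for the public alias (a.b.c.d in the thread).
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Found\r\n"
    "Location: http://192.0.2.10:8080/reports/form.jsp\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<html><body><applet codebase="http://10.150.0.24:8080/applets/">'
    '<param name="reportUrl" value="/reports/run?id=7">'
    "</applet></body></html>"
)

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_host(host, public_alias):
    """Label a URL host relative to the NAT setup."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"        # a name; depends on who resolves it, and where
    if addr == ipaddress.ip_address(public_alias):
        return "public-alias"    # inside hosts following it hit the firewall
    if any(addr in net for net in RFC1918):
        return "private"         # inside address exposed to outside clients
    return "other-ip"


def embedded_addresses(response_text, public_alias):
    """Return (url, label) for each absolute URL in the headers or body."""
    findings = []
    for url in URL_RE.findall(response_text):
        host = urlsplit(url).hostname
        if host:
            findings.append((url, classify_host(host, public_alias)))
    return findings


if __name__ == "__main__":
    for url, label in embedded_addresses(SAMPLE_RESPONSE, "192.0.2.10"):
        print(f"{label:13} {url}")
```

Relative URLs such as /reports/run?id=7 are ignored on purpose, since they carry no address for either side to follow.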