From owner-freebsd-isp Tue Aug 24 15:34:13 1999
Delivered-To: freebsd-isp@freebsd.org
Received: from snake.supranet.net (snake.supranet.net [205.164.160.19]) by hub.freebsd.org (Postfix) with ESMTP id 41F0C14DE4 for ; Tue, 24 Aug 1999 15:34:10 -0700 (PDT) (envelope-from john@arnie.jfive.com)
Received: from snake.supranet.net (snake.supranet.net [205.164.160.19]) by snake.supranet.net (8.8.8/8.8.8) with SMTP id RAA01322 for ; Tue, 24 Aug 1999 17:35:52 -0500 (CDT) (envelope-from john@arnie.jfive.com)
Date: Tue, 24 Aug 1999 17:35:52 -0500 (CDT)
From: John Heyer
X-Sender: john@snake.supranet.net
To: "freebsd-isp@FreeBSD.ORG"
Subject: Internal Servers / External IP Addresses (NAT)
In-Reply-To: <37C18CF8.5ED6BCF4@eclipse.net.uk>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I recently installed FreeBSD 3.2 on a machine running NAT and IPFW to act as a proxy server. In addition to internet access for the internal users via NAT, the company has also asked to put their mail and web servers on the internal network for security reasons, yet still have them accessible from the outside.

I moved the servers internally and had the Proxy server take the old IP address, then re-directed the necessary ports with NAT's -redirect_port parameter so that, for example, telnetting to port 25 of the proxy server's alias IP address gets a connection to the internal mail server.

From the outside, this works great. The problem is it doesn't work from an internal address. When they go to the outside (routable) alias being used by the proxy server, they don't get re-directed for some reason.

I know the best solution might be to fool the clients into going directly to the internal address by DNS or hosts files, but unfortunately that would mean re-configuring 50 or so client machines.
So I'm trying to do something at the server level - so far route statements and forwarding via ipfw, but with no luck. Any options to NAT I might be missing in order for the re-direction to work from the internal side?

--
"Your illogical approach ... does have its advantages."
    -- Spock, after being Checkmated by Kirk