Date: Mon, 15 Oct 2001 16:54:04 -0700 From: Lars Eggert <larse@ISI.EDU> To: Matthew Emmerton <matt@gsicomp.on.ca> Cc: freebsd-net@freebsd.org Subject: Re: Strange situation with NAT and sendmail Message-ID: <3BCB771C.7040306@isi.edu> References: <01cc01c155d1$2547e8c0$1200a8c0@gsicomp.on.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Emmerton wrote: > I've got two networks -- A (10.0.0.0/24) and B (192.168.0.0/24), both > behind NAT gateways. > > The problem I'm having is that I cannot connect to the mail server on > network A (10.0.0.2) from any machine behind the NAT gateway on network B. > However, any system on network B can successfully ping the gateway of > Network A, as well as connect to the two HTTP servers running on the same > host as the mail server (10.0.0.2). The mail server is running, since I can > connect to it from the NAT box on network A (via internal address) and via > public port-forwarded address from the NAT box on network B. > > Why can't I connect to it from behind the network B's NAT gateway, when I > can connect fine to other services running on the same machine? Of course you know that NATs are evil. :-) You can't run servers behind NAT boxes, generally. Or more precisely: You can only run one instance of a few popular services on one machine behind a NAT box *and* the NAT box has to be set up to know where the traffic for that port should go to. Some services (those carrying network info in the payload) don't work at all with NATs unless the NAT box mucks with the payload data. The only one I know of that most NATs support is FTP - maybe sendmail puts network info into the payload, too? Lars -- Lars Eggert <larse@isi.edu> Information Sciences Institute http://www.isi.edu/larse/ University of Southern California To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3BCB771C.7040306>