Date: Fri, 16 Nov 2001 13:39:49 -0800
From: "Crist J. Clark" <cristjc@earthlink.net>
To: Eric Long <eric@metrotv.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: natd redirect_address
Message-ID: <20011116133949.A50971@blossom.cjclark.org>
In-Reply-To: <B81A8643.53A3%eric@metrotv.com>; from eric@metrotv.com on Fri, Nov 16, 2001 at 09:00:51AM -0600
References: <20011116014854.D9851@blossom.cjclark.org> <B81A8643.53A3%eric@metrotv.com>

On Fri, Nov 16, 2001 at 09:00:51AM -0600, Eric Long wrote:
[snip]
> > Huh? You shouldn't need to set alias_address if you use the interface
> > argument. What exactly are you trying to do?
>
> My thoughts exactly. Simply trying to get address redirection for
> connections destined for a public IP to go to a private IP on my LAN. It
> works fine from the outside world,

OK, so it does work.

> but from the LAN, nothing can connect to
> the services if they try and access the services from the public IP. The
> workstations on the LAN can, however, access the services via the private
> IP's.

This is to be expected. When a machine on the internal LAN sends
traffic to the public IP address, the packets go to the inner
interface of your gateway machine where they go through the firewall
_without_ being diverted to natd(8) (since you only divert packets
crossing the exterior interface). The gateway machine then accepts and
processes the packets since they came in with an address it owns.

There is nothing wrong with your configuration. You can't do what you
want to do with a setup like yours.

> From a DNS standpoint, I want one host to work for both WAN and LAN
> connections to the server on the LAN. For example, it's an apple file
> server, so asip.domain.com should access the file sharing services on the
> box whether the connection was initiated from the WAN or LAN. Right now,
> it's not working from the LAN (again, see my other message to the list with
> the same subject "natd redirect_address" with a more in depth description of
> the problem).

Actually, split-DNS is usually the easiest solution to this.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
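
The packet path described in the message above, and the effect of split-DNS on it, as a small model added here as an example (not code from the original message or from natd). The addresses, the interface names ext0/int0 and all function names are assumptions made for illustration; the real divert decision is made by the firewall rule, which is only modelled here.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the message).
PUBLIC_IP = "192.0.2.10"          # public address owned by the gateway
SERVER_IP = "192.168.1.20"        # file server on the LAN
LAN = ipaddress.ip_network("192.168.1.0/24")
EXT_IF, INT_IF = "ext0", "int0"   # hypothetical interface names
REDIRECT = {PUBLIC_IP: SERVER_IP}          # redirect_address-style mapping
GATEWAY_ADDRS = {PUBLIC_IP, "192.168.1.1"}  # addresses the gateway owns

def gateway_deliver(dst_ip, in_iface):
    """Return which host handles a packet that arrives at the gateway."""
    # Only packets crossing the exterior interface reach the translator.
    if in_iface == EXT_IF and dst_ip in REDIRECT:
        return REDIRECT[dst_ip]    # rewritten and forwarded to the LAN host
    if dst_ip in GATEWAY_ADDRS:
        return "gateway"           # accepted locally, never redirected
    return dst_ip                  # ordinary forwarding

def split_dns(name, client_ip, internal_zone, external_zone):
    """Split-horizon lookup: LAN clients are answered from the internal view."""
    inside = ipaddress.ip_address(client_ip) in LAN
    return (internal_zone if inside else external_zone)[name]

def connect(name, client_ip, internal_zone, external_zone):
    """Resolve a name, then follow the packet to the host that answers."""
    dst = split_dns(name, client_ip, internal_zone, external_zone)
    if ipaddress.ip_address(client_ip) in LAN:
        if ipaddress.ip_address(dst) in LAN:
            return dst             # same subnet: traffic never hits the gateway
        return gateway_deliver(dst, INT_IF)
    return gateway_deliver(dst, EXT_IF)

EXTERNAL = {"asip.domain.com": PUBLIC_IP}   # what the outside world resolves
INTERNAL = {"asip.domain.com": SERVER_IP}   # what LAN clients resolve

if __name__ == "__main__":
    cases = [("WAN client", "198.51.100.7", EXTERNAL),
             ("LAN client, one DNS view", "192.168.1.50", EXTERNAL),
             ("LAN client, split DNS", "192.168.1.50", INTERNAL)]
    for label, client, lan_view in cases:
        print(label, "->", connect("asip.domain.com", client, lan_view, EXTERNAL))
```

With a single DNS view the LAN client's connection ends at the gateway itself, which is the failure reported in the thread; with the internal view the same name reaches the file server directly.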