
Re: Port forwarding and local firewall connections



On 2007-07-12 Marco wrote:
> On Thu, 12 Jul 2007 14:03:49 +0200, Ansgar -59cobalt- Wiechers wrote:
>> Well, of course. 10.10.10.12 is the LAN interface of your firewall,
>> but the webserver is located in the DMZ, not in the LAN. If you want
>> to connect from the firewall box to the webserver, you need to use
>> the DMZ address (http://192.168.10.2).
> 
> Yes, I know. But I need to forward the connection from the firewall
> itself like it comes from the rest of the LAN.

No, you don't, as I had already described below.

>> Anyway, you have two private networks here, so you don't need to do
>> NAT in the first place. You only need NAT when public networks are
>> involved, because private IP addresses mustn't be routed over public
>> networks.
> 
> This is needed because the firewall has another interface for the internet and
> the webserver in the DMZ must reply to internet requests.

Then do NAT for that interface. To repeat myself: you don't need NAT for
connections between your two private networks. Stop using NAT there, and
your problem is solved.

Regards
Ansgar Wiechers
-- 
"The Mac OS X kernel should never panic because, when it does, it
seriously inconveniences the user."
--http://developer.apple.com/technotes/tn2004/tn2118.html


