On Thu, 12 Jul 2007 14:03:49 +0200, Ansgar -59cobalt- Wiechers wrote: > Well, of course. 10.10.10.12 is the LAN interface of your > firewall, but the webserver is located in the DMZ, not in > the LAN. If you want to connect from the firewall box to the > webserver, you need to use the DMZ address > (http://192.168.10.2). Yes, I know. But I need to forward che connection from the firewall itself like it comes from the rest of the LAN. I don't understand why it refuses all connections on forwarded ports and not on other ports (ex: SSH is not forwarded, I can connect to firewall from firewall). > Anyway, you have two private networks here, so you don't > need to do NAT in the first place. You only need NAT when > public networks are involved, because private IP addresses > mustn't be routed over public networks. This is needed because firewall has another interface for internet and the webserver in DMZ must replay to internet requests. But that's not the problem, it works. :-) Thank you! -- mandi, Marco
Attachment:
pgpZtYPD0sFi8.pgp
Description: PGP signature