
Re: iptables natting



On Tuesday, 12.07.2005 at 15:35 +0100, Graham Smith wrote:

> I think the problem is that the redirect is to my public IP address
> and I am on a machine inside the network. I'm pretty sure that if I
> was outside the network this would work fine.

(Haven't read all your details above, but just an observation on this
bit)

If you are port-forwarding for clients outside your network and expect
this to work for local clients too, then you need to add more rules.
One way to do this is to have a DMZ and put the
server-to-be-contacted-from-outside in the DMZ, then set up port forwards
from outside (RED) and also from inside (GREEN).

In your setup, it sounds like you need to add a PREROUTING rule for
packets coming from your LAN which are addressed to your own public IP
(i.e. the GREEN interface, but addressed to the firewall's RED IP
address), and redirect them to the appropriate place.

An alternative would be to use a split-horizon DNS - where hostnames
resolve differently in- and outside the LAN.  For example, in our
network www.our.domain.name resolves to a 'real' public IP address in
the public DNS, but on the LAN, it resolves to an address in the private
10.0.0.0/8 range ...

Dave.
-- 
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92

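The PREROUTING approach described in the message above, written out as an added example (this is not code from the original post or its author). It emits the three iptables rules that make a port forward reachable from the LAN when clients address the firewall's public (RED) IP, the so-called hairpin NAT: the DNAT on PREROUTING, a MASQUERADE on POSTROUTING so the server's replies return via the firewall instead of going straight to the client (which would otherwise see a reply from a host it never contacted and drop it), and a FORWARD accept for setups whose FORWARD policy is DROP. The public IP 203.0.113.5, interface eth1, LAN 10.0.0.0/8, server 10.0.0.10 and port 80 are constructed placeholders, and `hairpin_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not from the original message): generate the iptables
# rules that make a port-forward reachable from the LAN as well (hairpin NAT).
# All addresses and interface names are constructed placeholders.

# hairpin_rules RED_IP GREEN_IF LAN_NET SERVER_IP PORT
# Prints one iptables command per line; nothing is executed here.
hairpin_rules() {
    red_ip=$1; green_if=$2; lan_net=$3; server_ip=$4; port=$5
    # 1. DNAT: LAN packets addressed to the firewall's public IP are sent
    #    to the internal server, exactly like the rule for RED clients.
    echo "iptables -t nat -A PREROUTING -i $green_if -s $lan_net -d $red_ip -p tcp --dport $port -j DNAT --to-destination $server_ip:$port"
    # 2. Source NAT: make the server see the firewall as the client so its
    #    replies come back through the firewall and get un-DNATed. Caveat:
    #    the server's logs then show the firewall's address, not the client's.
    echo "iptables -t nat -A POSTROUTING -o $green_if -s $lan_net -d $server_ip -p tcp --dport $port -j MASQUERADE"
    # 3. FORWARD: the flow enters and leaves on the same (GREEN) interface;
    #    allow it explicitly if the FORWARD chain policy is DROP.
    echo "iptables -A FORWARD -i $green_if -o $green_if -d $server_ip -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
}

# Default: print the rules for review. Run as root with APPLY=1 to execute them.
main() {
    rules=$(hairpin_rules 203.0.113.5 eth1 10.0.0.0/8 10.0.0.10 80)
    if [ "${APPLY:-0}" = "1" ]; then
        printf '%s\n' "$rules" | while IFS= read -r cmd; do eval "$cmd"; done
    else
        printf '%s\n' "$rules"
    fi
}

main "$@"
```

The MASQUERADE rule is what distinguishes hairpin NAT from an ordinary port forward; without it the DNAT alone appears to work in packet captures but TCP handshakes never complete. If preserving the real client address in the server's logs matters, the split-horizon DNS approach from the message avoids the NAT entirely.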

