I have this setup:
firewall (linux/iptables) with 2 interfaces - the external one has 4
IP addresses: my.ext.ip.1 .. 4
ext.ip's 2 to 4 are NATed to 3 internal machines:
Orig Src: Any
Orig Dest: my.ext.ip.2
Translated Svc: orig
same for ext.ip.3 to 192.168.1.3 and ext.ip.4 to 192.168.1.4
Also, before these 3 NAT rules I have a rule, which NATs all internal
calls to outside world to ext.ip.1:
OrigSrc: int.net (192.168.1.0/255.255.255.0)
In the policies I have allowed all the ports and traffic I need, and
all rules which deny access have logging turned on, i.e. I log all the
traffic which is stopped.
Now, I have this problem - from the outside world, users can access
my.ext.ip.2 and 3 on port 80 (web servers) - as intended.
From 192.168.1.2 I can access 192.168.1.3 on port 80 as well. But if I
try from 192.168.1.2 to access my.ext.ip.3 (which has to be NATed to
192.168.1.3), the connection times out.
At the same time, if I ping my.ext.ip.3 from 192.168.1.2 - the ping is OK.
Same happens from the .3 machine. If I use the internal IP of machine 2 -
it works OK. But if I try to use the external IP (which is NATed), the
connection fails. And ping works.
The firewall does not log anything - i.e. no deny rule was hit.
So, what should I do to allow such traffic? Why is it stopped?
Thanks in advance
Svetoslav Milenov (Sunny)
Windows is a 32-bit extension to a 16-bit graphical shell for an 8-bit
operating system originally coded for a 4-bit microprocessor by a
2-bit company that can't stand 1 bit of competition.
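A small model of the NAT path described in the post, added here as an example and not part of the original thread. It assumes the usual cause of this symptom, asymmetric hairpin (NAT loopback) traffic, and assumes 192.168.1.1 as the firewall's internal address; the other addresses are the ones from the post.

```python
# Model of the post's setup: 192.168.1.0/24 behind an iptables firewall,
# my.ext.ip.2..4 DNATed to 192.168.1.2..4.  Constructed sample data.
DNAT = {"my.ext.ip.2": "192.168.1.2",
        "my.ext.ip.3": "192.168.1.3",
        "my.ext.ip.4": "192.168.1.4"}
FW_INT = "192.168.1.1"      # assumed: firewall's address on the internal LAN
INT_NET = "192.168.1."


def same_subnet(a, b):
    return a.startswith(INT_NET) and b.startswith(INT_NET)


def connect(client, dst, hairpin_snat=False):
    """Simulate one TCP SYN / SYN-ACK exchange from client to dst.

    Returns 'established' or 'timeout'.  No packet is ever dropped by a
    policy rule in either case, which is why the firewall logs nothing.
    hairpin_snat=True models an extra rule such as
      iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 192.168.1.3 \
          -p tcp --dport 80 -j SNAT --to-source 192.168.1.1
    (assumed fix, not from the post).
    """
    # 1. Client SYN.  A destination outside its own subnet is routed via
    #    the firewall, where the PREROUTING DNAT rule rewrites it.
    if same_subnet(client, dst):
        server, syn_src = dst, client              # direct, firewall not involved
    else:
        server = DNAT.get(dst, dst)
        hairpin = client.startswith(INT_NET) and server.startswith(INT_NET)
        syn_src = FW_INT if (hairpin_snat and hairpin) else client

    # 2. Server SYN-ACK goes back to whatever source address it saw.
    reply_src, reply_dst = server, syn_src

    # 3. Only replies that are routed through the firewall get un-NATed by
    #    conntrack.  A reply to a host on the same LAN is delivered directly
    #    and keeps the internal server address as its source.
    through_fw = reply_dst == FW_INT or not same_subnet(reply_src, reply_dst)
    if through_fw:
        reply_src, reply_dst = dst, client         # DNAT (and SNAT) reversed

    # 4. The client accepts a SYN-ACK only from the address it connected to;
    #    anything else is ignored, so the connection attempt times out.
    ok = reply_dst == client and reply_src == dst
    return "established" if ok else "timeout"
```

Compare `connect("192.168.1.2", "my.ext.ip.3")` with the same call and `hairpin_snat=True`; the external-client case `connect("203.0.113.5", "my.ext.ip.3")` succeeds either way, matching the post.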