Re: [Fwbuilder-discussion] problem seeing own website
Brought to you by:
mikehorn
From: Vadim K. <va...@vk...> - 2002-08-15 19:59:54
|
ok, but what is the problem then? I mean, in my tests it usually works as advertised when Host object with IP address of firewall's internal interface is used in the rule. Did you guys see my emal I sent few days ago, about support for virtual interfaces ? If you look at screenshots attached to it, you'll see that interfaces and their addresses become separate objects, visible in the tree. With this change fully implemented, one can simply use appropriate interface or even its address object for this kind of NAT rule. Vadim Jeremy T. Bouse wrote: > Actually this sounds a lot like the special case I've made >mention to you both in the past... The fix is that the NAT needs to set >the SRC as the Firewalls INTERNAL IP address when the SRC is from the >INTERNAL Network... I just built a host entry with the Firewall's >internal IP address for use with this one rule so it works but >ultimately would be nice to find a way for this condition to just work >as it is one suggested in the Iptables and NAT howto's... > > I've used this work around since atleast 1.0.0... I actually >have a test XML data file somewhere to test for this condition so I'll >search for it... It has 2 rules one how it should be done and the one >the hack that works... I was testing each release against it and if the >two rules came out identical I'd now the problem was fix'd... > > Jeremy > >On Thu, Aug 15, 2002 at 09:18:16AM -0700, Vadim Kurland wrote: > > >>we need more information to be able to help you. The solution certainly >>works, although you could have hit a bug in fwbuilder or simply did not >>implement it right. What version of fwbuilder do you use? How does >>iptables code generated for rules recommended in the Tutorial look like? >> >>--vk >> >> >>pau...@nt... wrote: >> >> >> >>>There is a well-known problem seeing your own webserver from client >>>machines in your local network. It is OK if you use the internal name >>>(e.g. "mywebserver.localdomain"), but it fails with its proper address >>>(e.g. "www.mysite.com"). >>> >>>This is to do with the standard DNAT rule for outgoing traffic. Your >>>webserver thinks it is talking to your firewall, so sends replies there, >>>which by default don't get NATed to the requesting client. if it too is >>>located on your local network. >>> >>>There is a solution listed in the back of the Tutorial. I've tried to >>>implement this, but it does not work for me. Has anyone else got this >>>working? >>> >>> >>>------------------------------------------------------- >>>This sf.net email is sponsored by: OSDN - Tired of that same old >>>cell phone? Get a new here for FREE! >>>https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 >>>_______________________________________________ >>>Fwbuilder-discussion mailing list >>>Fwb...@li... >>>https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussion >>> >>> >>> >>> >> >> >>------------------------------------------------------- >>This sf.net email is sponsored by: OSDN - Tired of that same old >>cell phone? Get a new here for FREE! >>https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 >>_______________________________________________ >>Fwbuilder-discussion mailing list >>Fwb...@li... >>https://lists.sourceforge.net/lists/listinfo/fwbuilder-discussio >> >n > > |