On 2007-07-12 Marco wrote: > On Thu, 12 Jul 2007 14:03:49 +0200, Ansgar -59cobalt- Wiechers wrote: >> Well, of course. 10.10.10.12 is the LAN interface of your firewall, >> but the webserver is located in the DMZ, not in the LAN. If you want >> to connect from the firewall box to the webserver, you need to use >> the DMZ address (http://192.168.10.2). > > Yes, I know. But I need to forward che connection from the firewall > itself like it comes from the rest of the LAN.
No, you don't, as I already had described below. >> Anyway, you have two private networks here, so you don't need to do >> NAT in the first place. You only need NAT when public networks are >> involved, because private IP addresses mustn't be routed over public >> networks. > > This is needed because firewall has another interface for internet and > the webserver in DMZ must replay to internet requests. Then do NAT for that interface. To repeat myself: you don't need NAT for connections between your two private networks. Stop using NAT there, and your problem is solved. Regards Ansgar Wiechers -- "The Mac OS X kernel should never panic because, when it does, it seriously inconveniences the user." --http://developer.apple.com/technotes/tn2004/tn2118.html -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]