On Thu, Sep 23, 2004 at 03:28:57PM -0400, Deadman Standing wrote:
> NAT rules are normally tied to network interfaces (for security
> reasons).
> Ex:
> Traffic arriving on the external interface (internet): translate IPs to
> non-routable.
>
> Traffic arriving on the internal interface (lan): translate non-routable
> IPs to routable IPs.
>
> You can have special case NAT rules based on originating IP addresses,
> but that opens you to IP spoofing attacks. That is why NAT rules are
> tied to network interfaces and why it is problematic addressing lan
> computers from inside the lan by their routable IPs.
>
> In general I would be suspicious of any appliance that allowed a
> configuration where lan computers could be addressed by routable IPs.
> You may not be as secure as you think, but the gamble is yours to take.

Correct, it is possible to set up a special redirection (depending on
your firewall software), but you have to be very careful. In most cases
it is better to simply use the internal IP when you're on the internal
network.

For those who are interested, read
http://www.openbsd.org/faq/pf/rdr.html#reflect for why this is a special
case and a few solutions (including the special redirect).

Maarten

--
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail?
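As an added example (not from either poster, and not the text of the OpenBSD FAQ page the reply links to): a pf.conf fragment in the pre-OpenBSD 4.7 rdr/nat syntax that the FAQ used at the time, showing the interface-bound translation the quoted post describes and the reflection special case for lan hosts that address a lan server by its routable IP. Interface names, addresses and the port are assumptions.

```pf
# Assumed interface names and addresses (not from the thread).
ext_if  = "fxp0"            # external (internet) interface
int_if  = "dc0"             # internal (lan) interface
int_net = "192.168.1.0/24"  # lan
server  = "192.168.1.20"    # lan web server, non-routable address

# Reject packets arriving on the wrong interface for their source net,
# e.g. a lan source address showing up on the external interface.
antispoof quick for { lo0, $int_if }

# The normal, interface-bound pair the quoted post describes:
# inbound on the external interface, public address -> lan server
rdr on $ext_if proto tcp from any to $ext_if port 80 -> $server port 80
# outbound on the external interface, lan sources -> public address
nat on $ext_if from $int_net to any -> ($ext_if)

# Reflection special case: a lan host connects to the server's routable
# (public) address. The rdr is bound to $int_if and matched on the lan
# source net, so it is never reached by packets that arrive on $ext_if
# with a forged lan source.
rdr on $int_if proto tcp from $int_net to $ext_if port 80 -> $server port 80
# Rewrite the client's source to the firewall's lan address so the server
# replies back through the firewall, where the rdr state lives, instead
# of straight to the client (which would see an unexpected source and
# reset the connection). The "no nat" line keeps the firewall's own
# traffic out of that translation.
no nat on $int_if proto tcp from $int_if to $int_net
nat on $int_if proto tcp from $int_net to $server port 80 -> $int_if

# Translation happens before filtering, so pass rules match the
# post-rdr (internal) destination. "keep state" is explicit here
# because pf did not default to stateful rules before OpenBSD 4.1.
pass in on $ext_if proto tcp from any to $server port 80 keep state
pass in on $int_if proto tcp from $int_net to $server port 80 keep state
```

On OpenBSD 4.7 and later the same translation is written as `match ... rdr-to` and `match ... nat-to` rules rather than standalone `rdr`/`nat` lines, but the two points stay the same: bind the redirect to the interface the traffic really arrives on rather than to a source address alone, and translate the source on the reflected path so return traffic cannot bypass the firewall's state.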

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds
