Hi Frank, Hi all

> However, I have a web page hosted on an external site that has a
> link to my internal web server via my firewall's external IP.  From
> a machine outside my network, that link works fine, reaching my
> internal web server.  However, if I connect to the external web page
> from the internal network (e.g. 192.168.1.40), clicking on the link to
> my internal web page fails.
>
> Can anyone suggest what I should do or where I should look in order
> to solve this?

This issue was discussed some days ago in the thread "[Leaf-user] DCD port
forwarding [second attempt]".
I'll cut & paste the important sections for you:

<start cut&paste>

> > When I scan all ports on my router's external interface, it doesn't show
> > port 8080 as being open.
> > Why is that?  Is it because it is above port 1024? I am not quite
> > familiar with how ports are used on
> > a private/public network so I'm quite sure I'm missing something here.
> > Does this have to do with the hosts.allow configuration?

No, it doesn't have anything to do with hosts.allow at all. It is
absolutely normal that you don't see forwarded ports as open ports if
scanning from the internal network. This is because the portfw code in any
Unix/Linux is not able to forward ports if there is no routing.
If a packet with dest. port 8080 arrives at the FW intern IF, it will not be
routed so portfw rules are not active for these packets. This is also the
reason why most people add a DMZ interface to the FW to force routing. Now
it's possible to access the webserver with the same URL from internal and
external network. Now, the webserver IS on a different interface for both,
internal and external network. Every packet which belongs to the webserver
will be routed and portfw rules are active.

</end cut&paste>

As you can see from the pasted text, another possibility to solve the problem
would be to add a third NIC to your Firewall (DMZ interface).

David said to add an internal DNS server to your Firewall. This is the best
and cleanest solution if you don't want to buy/add hardware. If you don't
want to add a DNS server because either there is no space left on the floppy
or you don't want to learn how to configure a DNS server, you also may add
an entry for your website in the "hosts" file of your internal clients.
Linux: /etc/hosts
Windows NT: C:\WINNT\SYSTEM32\DRIVERS\ETC
Windows 9x: C:\windows\system32\  (I'm not sure about Win9x, but I think the
hosts file is in system32, use Filesearch)

---
Sandro Minola           | LEAF Developer (http://leaf.sourceforge.net)
mailto:[EMAIL PROTECTED] | mailto:[EMAIL PROTECTED]
http://www.minola.ch    | http://leaf.sourceforge.net/devel/sminola
>
>
> -- Frank
> [EMAIL PROTECTED]
>
> _______________________________________________
> Leaf-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
>
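
The hosts-file workaround from the reply above, as an added example that is not part of the original message: it rewrites hosts-file text so the site name resolves to the internal web server, and refuses an address outside the LAN. The hostname `www.example.test`, the server address `192.168.1.10` and the `192.168.1.0/24` network are constructed assumptions.

```python
import ipaddress

# Constructed sample of an internal client's hosts file (not from the thread).
SAMPLE_HOSTS = (
    "127.0.0.1\tlocalhost\n"
    "# entries below were added by hand\n"
    "203.0.113.7\twww.example.test mail.example.test  # external address\n"
)

def lookup(hosts_text, hostname):
    """Return the first address the hosts text gives for hostname, or None."""
    for line in hosts_text.splitlines():
        fields = line.partition("#")[0].split()
        if hostname.lower() in (n.lower() for n in fields[1:]):
            return fields[0]
    return None

def upsert_hosts_entry(hosts_text, hostname, internal_ip, lan="192.168.1.0/24"):
    """Make hostname resolve only to internal_ip; other names are untouched."""
    ip = ipaddress.ip_address(internal_ip)
    if ip not in ipaddress.ip_network(lan):  # lan is an assumed default
        raise ValueError(f"{ip} is not inside the internal network {lan}")
    wanted = hostname.lower()
    out = []
    for line in hosts_text.splitlines():
        body, sep, comment = line.partition("#")
        fields = body.split()
        names = fields[1:]
        if wanted not in (n.lower() for n in names):
            out.append(line)  # comments, blanks and unrelated entries
            continue
        # Drop only our name from the old line; keep any other aliases on it.
        others = [n for n in names if n.lower() != wanted]
        if others:
            rebuilt = fields[0] + "\t" + " ".join(others)
            out.append(rebuilt + ("  #" + comment if sep else ""))
    out.append(f"{ip}\t{hostname}")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(upsert_hosts_entry(SAMPLE_HOSTS, "www.example.test", "192.168.1.10"))
```

Running it twice gives the same text, so it can be applied repeatedly to the same client.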