On Tuesday 21 May 2002 10:36 pm, [EMAIL PROTECTED] wrote:
> the problem i am having is that the internal private subnet
> (192.168.1.0/24) on my network is unable to bring up sites that
> have been set up using dnat rules. external users have no problem
> viewing the sites i have set up dnat rules for.
Sounds like a routing problem.

An internal client contacts the external address for one of your translated hosts. The firewall/NAT box translates the destination address to the (real) internal address of the server, and passes the packet on. Server gets the request, replies to the source address, and hey presto, doesn't need to route through the firewall to get there (because it's on the internal LAN). Therefore the reply doesn't go through the firewall/NAT box, doesn't get reverse translated, and the client sees a response from the (real) IP address of the server. Client gets confused because it sent a request to a.b.c.d and gets a response from w.x.y.z, so everything falls apart.

Solution: Either do source NAT as well for internal requests, to make sure the response goes back through the firewall/NAT machine, or else don't use the external address for internal connections (might involve adjusting DNS ?).

Antony.
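The first fix Antony describes (SNAT the hairpinned connections so the reply has to come back through the firewall), written out as iptables rules. This is an added example, not from the thread; the addresses 203.0.113.10 (firewall WAN), 192.168.1.1 (firewall LAN side), 192.168.1.10 (web server) and the interface name eth1 are assumed, and the script only prints the commands unless IPT is set to the real binary.

```shell
#!/bin/sh
# Added example (not from the original thread): hairpin NAT with iptables.
# Assumed, constructed addresses: the firewall owns 203.0.113.10 on the WAN
# side and 192.168.1.1 on eth1 (LAN); the web server is 192.168.1.10.
EXT_IP=203.0.113.10
FW_LAN_IP=192.168.1.1
LAN_NET=192.168.1.0/24
SRV_IP=192.168.1.10
LAN_IF=eth1
# Set IPT=iptables to apply for real; the default only prints the commands.
IPT="${IPT:-echo iptables}"

# The rule the poster already has: translate the public address to the
# server for everyone. No -i, so it also matches packets from the LAN,
# which is what causes the asymmetric reply path described above.
dnat_rule() {
    $IPT -t nat -A PREROUTING -d "$EXT_IP" -p tcp --dport 80 \
        -j DNAT --to-destination "$SRV_IP"
}

# The fix: when a LAN client's connection has been DNATed to the server,
# also rewrite the source to the firewall's LAN address. The server then
# answers the firewall, the reply is reverse-translated on the way back,
# and the client sees a response from the address it actually contacted.
# --ctstate DNAT limits this to translated connections, so ordinary
# LAN-to-server traffic keeps its real source address.
hairpin_snat_rule() {
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -d "$SRV_IP" -p tcp --dport 80 \
        -m conntrack --ctstate DNAT -j SNAT --to-source "$FW_LAN_IP"
}

# Forwarding back out of the interface the packet arrived on must be
# allowed, otherwise a default-DROP FORWARD chain eats the hairpin traffic.
forward_rule() {
    $IPT -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$SRV_IP" \
        -p tcp --dport 80 -j ACCEPT
}

hairpin_nat() {
    dnat_rule
    hairpin_snat_rule
    forward_rule
}

hairpin_nat
```

With the SNAT in place the server's logs show every internal client as 192.168.1.1, which is the price of this approach; the DNS alternative Antony mentions avoids that by keeping internal clients off the external address entirely.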
