On Tuesday 28 May 2002 9:26 pm, George Georgalis wrote:

> >> Also, I was wondering why a connect from the LAN port 50422 (to the
> >> firewall) does nat to 192.168.0.1:22? It works from the internet....
> >
> I want the LAN and Internet connections to :50422 to NAT to
> 192.168.0.1:22 but this command from the LAN hangs...
> ssh -p50422 [EMAIL PROTECTED]
> and there is no connection recorded in the 192.168.0.1 log. I'm
> at a loss.

The answer is routing.

Internal client goes through firewall to contact server on 192.168.0.1, but 192.168.0.1 thinks it can reply to client without going back through the firewall (think about the routing table on the server).

Therefore the reply doesn't get reverse NATed, and the client doesn't understand where the reply came from....

Antony.
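
Added example, not part of the original message: a small Python trace of the SYN / SYN-ACK exchange described in the reply, comparing an Internet client with a LAN client behind a DNAT-only firewall. Only 192.168.0.1:22 and port 50422 come from the thread; the /24 LAN prefix, the firewall address 198.51.100.1 and both client addresses are constructed assumptions.

```python
import ipaddress

# Constructed addresses (assumptions); only 192.168.0.1:22 and port 50422
# are taken from the thread.
LAN = ipaddress.ip_network("192.168.0.0/24")
FW_ADDR = "198.51.100.1"      # address clients dial on the firewall
FW_PORT = 50422
SERVER = ("192.168.0.1", 22)  # DNAT target

def connect(client_ip, client_port=40000):
    """Trace one SYN / SYN-ACK exchange through a DNAT-only firewall."""
    # The client's socket only accepts replies from the address it dialled.
    expected_peer = (FW_ADDR, FW_PORT)
    syn = {"src": (client_ip, client_port), "dst": expected_peer}

    # Firewall: DNAT rewrites the destination and records the mapping.
    conntrack = {(syn["src"], SERVER): expected_peer}
    syn = {"src": syn["src"], "dst": SERVER}

    # Server builds the reply; its routing table picks the next hop.
    reply = {"src": syn["dst"], "dst": syn["src"]}
    on_link = ipaddress.ip_address(client_ip) in LAN
    path = "direct" if on_link else "via-firewall"

    # Only replies that traverse the firewall get the source rewritten back.
    if path == "via-firewall":
        reply["src"] = conntrack[(reply["dst"], reply["src"])]

    accepted = reply["src"] == expected_peer
    return {"path": path, "reply_src": reply["src"], "accepted": accepted}

if __name__ == "__main__":
    for name, ip in [("internet client", "203.0.113.5"),
                     ("LAN client", "192.168.0.10")]:
        r = connect(ip)
        verdict = "accepted" if r["accepted"] else "dropped (unknown peer)"
        print(f"{name:15} reply {r['path']:12} from {r['reply_src']} -> {verdict}")
```

The LAN client's reply arrives with source 192.168.0.1:22 instead of the firewall address it dialled, so the handshake never completes.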
