On Tue, May 28, 2002 at 09:34:58PM +0100, Antony Stone wrote:
>On Tuesday 28 May 2002 9:26 pm, George Georgalis wrote:
>
>> >> Also, I was wondering why a connect from the LAN port 50422 (to the
>> >> firewall) does nat to 192.168.0.1:22? It works from the internet....
>> >
>> I want the LAN and Internet connections to :50422 to NAT to
>> 192.168.0.1:22 but this command from the LAN hangs...
>> ssh -p50422 [EMAIL PROTECTED]
>> and there is no connection recorded in the 192.168.0.1 log. I'm
>> at a loss.
>
>The answer is routing.
>
>Internal client goes through firewall to contact server on 192.168.0.1, but
>192.168.0.1 thinks it can reply to client without going back through the
>firewall (think about the routing table on the server).
>
>Therefore the reply doesn't get reverse NATed, and the client doesn't
>understand where the reply came from....
>

Yeah, maybe I can just change the route on the LAN computers to always
use the firewall... :)

Thanks everyone,
// George

--
GEORGE GEORGALIS, System Admin/Architect    cell: 347-451-8229
Security Services, Web, Mail,            mailto:[EMAIL PROTECTED]
File, Print, DB and DNS Servers.       http://www.galis.org/george
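
Added example, not part of the thread: a small Python model of the packet flow Antony describes, showing why the server's direct reply is rejected by a LAN client while an Internet client works, and how the result changes if the firewall also rewrites the source address. Only 192.168.0.1:22 and port 50422 come from the messages; the /24 subnet, the client and firewall addresses, the source port and the source-NAT step are assumptions.

```python
import ipaddress

# From the thread: the firewall forwards :50422 to 192.168.0.1:22.
SERVER = ("192.168.0.1", 22)
# Assumptions (not in the thread): LAN subnet and every address below.
LAN = ipaddress.ip_network("192.168.0.0/24")
FW_LAN, FW_WAN = "192.168.0.254", "203.0.113.1"
LAN_CLIENT, NET_CLIENT = "192.168.0.50", "198.51.100.7"


def trace(client_ip, fw_ip, snat=False):
    """Follow one SYN and its reply through the port-forwarding firewall."""
    syn_src, syn_dst = (client_ip, 40000), (fw_ip, 50422)

    # Firewall, inbound: destination NAT to the SSH server.
    fwd_src, fwd_dst = syn_src, SERVER
    if snat:
        # Assumed extra rule: also rewrite the source to the firewall itself.
        fwd_src = (FW_LAN, 40000)

    # Server answers the source address it saw on the forwarded packet.
    rep_src, rep_dst = fwd_dst, fwd_src

    # Server routing table: a destination on its own subnet is reached
    # directly; anything else, or the firewall itself, goes to the firewall.
    dst_ip = ipaddress.ip_address(rep_dst[0])
    via_firewall = rep_dst[0] == FW_LAN or dst_ip not in LAN
    if via_firewall:
        # Connection tracking reverses the NAT: the original pair is restored.
        rep_src, rep_dst = syn_dst, syn_src

    # The client only accepts a reply from the address:port it connected to.
    return {
        "reply_src": rep_src,
        "via_firewall": via_firewall,
        "client_accepts": rep_src == syn_dst and rep_dst == syn_src,
    }


if __name__ == "__main__":
    print("LAN client:      ", trace(LAN_CLIENT, FW_LAN))
    print("Internet client: ", trace(NET_CLIENT, FW_WAN))
    print("LAN client, SNAT:", trace(LAN_CLIENT, FW_LAN, snat=True))
```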
