Hmm, gotcha. I guess that makes sense actually.
I'll see if I can't figure it out.
Nate
On Wed, 2008-01-30 at 08:49 +0530, Go Wow wrote:
Nathan i can even view it, from inside LAN you cannot view it, if i
remember correctly someone said when you try to enter on NAT'ted ip
from inside network
Nathan i can even view it, from inside LAN you cannot view it, if i remember
correctly someone said when you try to enter on NAT'ted ip from inside
network the router doesnt know the address where it needs to forward your
request. Now look im not a networking guru and not even iptables guru so
*shrug* same here
Are you trying to hit the natted address from inside the LAN that is
being natted to? Hairpin NAT doesnt work in iptables...
--
Aubrey Wells
Senior Engineer
Shelton | Johns Technology Group
A Vyatta Ready Partner
www.sheltonjohns.com
On Jan 29, 2008, at
I just connected and see the Apache 2 test page running on CentOS
John
Nathan McBride wrote:
First off I appreciate help from everyone, this is a nice change to some
mailing lists I'm used to. Unfortunately, I am still having the same
problem. I'm giving out real information, probably
First off I appreciate help from everyone, this is a nice change to some
mailing lists I'm used to. Unfortunately, I am still having the same
problem. I'm giving out real information, probably shouldn't, but
that's how frustrated I am. I just get an unable to connect error. The
firewalls are
Yeah I was about to say the same thing as Aubrey said, I had the same issue
when i was trying to access the NATt'ed ip from inside the LAN, try to
access it from outside any ip.
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
John just told me he can get to the page too.
From inside the lan I am going to a browser and typing
www.nombyte.com. And it doesn't work?
Nate
On Tue, 2008-01-29 at 22:08 -0500, Aubrey Wells wrote:
*shrug* same here
Are you trying to hit the natted address from inside the LAN that is
It sounds like you're a victim of hairpin natting. Very frustrating.
Iptables doesnt do it (that I know of.) I first encountered this on a
PIX firewall years ago and thought it was an absurd limitation (then I
found out my beloved linux couldn't do it either and was crushed).
Cisco fixed
Its been a while since I researched it, but I think there was
something about the way netfilter_conntrac tracks the NAT sessions
that prevents the hairpin nat from working. I never figured out a way
around it and no one on google was helpful either.
The usual solution is to put a dns entry
Another way would be to have these kind of servers (which needs to be
access from LAN ) on another subnet. Looks feasible to me.
___
Vyatta-users mailing list
Vyatta-users@mailman.vyatta.com
http://mailman.vyatta.com/mailman/listinfo/vyatta-users
Can't I do another nat rule?
On Tue, 2008-01-29 at 22:25 -0500, Aubrey Wells wrote:
It sounds like you're a victim of hairpin natting. Very frustrating.
Iptables doesnt do it (that I know of.) I first encountered this on a
PIX firewall years ago and thought it was an absurd limitation
Hi Nate,
If the problem you're seeing is caused by external vs. internal DNS problem
(external access is fine, but internal hosts resolve the server to the external
address and therefore cannot access it), you might be able to work around it
using NAT. See the following message from the list
12 matches
Mail list logo
