My original reply does not look like it made the list. I shall try again :)

First, I agree with all the responses. I have been working with iptables for quite a while but am no expert. I got caught up with the (I just know I'm missing something) scenario - I thought I was just doing something wrong. Apparently not!

I have toyed with the DNS server concept (I knew this was an easy way around the problem) but never gave it much serious thought until Bill's response, which cleared up a few concepts for me. I have gone the direction of an internal DNS server to get around this problem and it's working like a champ!

I do appreciate ALL the input and clarification.

Again - thanks for the input!

Vernon Fort

On Wed, 2003-12-10 at 14:36, Hoeschen, Chris wrote:
> Can I ask why you want to access the internal server using the external
> IP address?
>
> To get around this for myself I set up an internal-only DNS server inside
> my network to resolve names to internal IP addresses. This is separate
> from my externally facing DNS server that is resolving my external IP
> address to the DNS names. This way all I need to do is access my
> internal server via the DNS name instead of the IP address.
>
> Chris Hoeschen
> Distributed System Analysts
> PrimeVest Financial Services
> Phone: (320) 656-4035
> Fax: (320) 656-4088
> E-Mail: chris.hoeschen@xxxxxxxxxxxxx
>
> "Only two things are infinite, the universe and human stupidity, and I'm
> not sure about the former."
> -- Albert Einstein
>
> Hippopotomonstrosesquippedaliophobia is the fear of long words
>
> -----Original Message-----
> From: Antony Stone [mailto:Antony@xxxxxxxxxxxxxxxxxxxx]
> Sent: Wednesday, December 10, 2003 2:26 PM
> To: netfilter
> Subject: Re: Access to Internal server via public address
>
> On Wednesday 10 December 2003 8:16 pm, William Stearns wrote:
>
> > Good afternoon, Vernon,
> >
> > On 10 Dec 2003, Vernon A. Fort wrote:
> > > Anyone,
> > >
> > > The Problem: I have an alias public address DNAT'ed to an
> > > internal address - normal and working
> > >
> > > What I need is to access this server using the PUBLIC address from
> > > an internal workstation.
> >
> > If the client box and the internal server in question are on the same
> > cable, you essentially can't do this directly (but read on).
> >
> > Picture this as a triangle; the internal machines on the bottom,
> > (client left, server right) and the firewall at the top. The packets
> > physically all travel over the same Ethernet segment shared by all
> > three machines, I'm just demonstrating who's talking to whom.
>
> Excellent answer, Bill.
>
> I think this explains a common situation (and a common FAQ) in more detail,
> and with more information, than I've seen before. Hopefully it is clear to
> a network non-expert as well (I don't use the term newbie here, because once
> you've got DNAT working at all, you've clearly gone beyond that stage...)
>
> Your reply is (IMHO) worthy of a FAQ entry in itself.
>
> Antony