Re: What is missed for port forwarding

On Sunday 07 March 2004 3:49 pm, Kai Weber wrote:

> * Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx>:
> > Are you testing both SSH/10143 and HTTP/8888 from the same client machine
> > out on the Internet?
>
> Thanks for the tip. It works from outside. I tested only from "inside".
>
> Why does DNAT not work when trying from inside?

See my sig below.

Client (eg 192.168.1.10) connects to firewall on 192.168.1.250.
Firewall DNATs the packet and sends it to 192.168.1.2
192.168.1.2 replies to 192.168.1.10, which is on the local network, therefore 
reply doesn't go through the firewall, therefore no reverse NAT takes place.

Result: 192.168.1.10 sent a packet to 192.168.1.250 and got a reply from 
192.168.1.2.

Confused unhappy client.

See also http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-10.html

Regards,

Antony.

-- 
90% of networking problems are routing problems.
9 of the remaining 10% are routing problems in the other direction.
The remaining 1% might be something else, but check the routing anyway.

                                                     Please reply to the list;
                                                           please don't CC me.
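
The packet walk described in the message above, as an added example that is not part of the original post: a small Python model (not real netfilter code) that traces one request and its reply and reports which source address the client sees. The function names, the outside addresses 203.0.113.7 and 198.51.100.1, the assumption that the firewall is the server's default gateway, and the optional SNAT step (a common remedy for this case, not stated in the message) are all assumptions of this example.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # LAN from the message
FW_LAN_IP = "192.168.1.250"                    # firewall's inside address
SERVER = "192.168.1.2"                         # DNAT target


def in_lan(addr):
    """True when addr is on the local network, i.e. reachable without the router."""
    return ipaddress.ip_address(addr) in LAN


def trace(client, dialed, snat=False):
    """Follow one request and its reply; return (reply source the client sees, accepted)."""
    # PREROUTING: DNAT rewrites the destination; conntrack remembers the original tuple.
    conntrack = {"client": client, "dialed": dialed}
    src, dst = client, SERVER
    # POSTROUTING (optional): SNAT LAN-to-LAN traffic so the server sees the firewall.
    if snat and in_lan(client):
        src = FW_LAN_IP
    # The server answers whatever source address it saw.
    reply_src, reply_dst = dst, src
    # The reply crosses the firewall only if addressed to it or to an off-LAN host
    # (assumption: the firewall is the server's default gateway).
    via_firewall = reply_dst == FW_LAN_IP or not in_lan(reply_dst)
    if via_firewall:
        # Reverse NAT restores the addresses of the original connection.
        reply_src, reply_dst = conntrack["dialed"], conntrack["client"]
    # The client's TCP stack only accepts replies from the address it dialed.
    return reply_src, reply_src == dialed


if __name__ == "__main__":
    cases = [
        ("inside, DNAT only", "192.168.1.10", FW_LAN_IP, False),
        ("inside, DNAT + SNAT", "192.168.1.10", FW_LAN_IP, True),
        # Constructed outside client and firewall public address.
        ("outside, DNAT only", "203.0.113.7", "198.51.100.1", False),
    ]
    for label, client, dialed, snat in cases:
        seen, ok = trace(client, dialed, snat)
        print(f"{label:22} reply from {seen:15} {'accepted' if ok else 'dropped'}")
```

With SNAT enabled the server's logs show the firewall's address instead of the real inside client, which matters when those logs are used for auditing.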


