Re: Problems with Portforwarding -- Loopback problems---

On Tuesday 16 March 2004 5:20 pm, Ronny Fauth wrote:

> Antony Stone wrote:
>
> >Think about the replies.
> >
> >192.168.0.3 sends a packet to xxx.dyndns.org, that gets translated by
> >192.168.0.1 into 192.168.0.2
> >
> >192.168.0.2 receives the packet, sees that the sender is 192.168.0.3, and
> >replies.
> >
> >Therefore 192.168.0.3 sent a packet to xxx.dyndns.org and got a reply from
> >192.168.0.2.   It can't handle this, so fails.
>
> Well ya, sounds logical..... but how can I solve this problem? So I
> can test whether the forwarding is working or not

This depends on whether you need the address translation system to work (after 
you've tested it and decided it's okay):

a) only from the Internet, or
b) from both the Internet and the local network.

If (a), then you should test it from the Internet, because that's what you 
need to work correctly - testing from the local network is not the same.

If (b), then you should be using split DNS to give the private address to 
local clients, and the public address to external clients - then each will 
connect to the correct IP address depending on where they're starting from.

Of course the other solution is to put local clients, and the server you're 
talking to, on separate subnets from the firewall, so no matter who talks to 
them, the packets always go through the firewall and always get NATted.

Regards,

Antony.

-- 
People who use Microsoft software should be certified.

                                                     Please reply to the list;
                                                           please don't CC me.
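
The reply path described in this message, modelled as an added example (not part of the original post). The 192.168.0.x addresses come from the thread; PUBLIC_IP, the Internet client 198.51.100.7 and the 192.168.1.0/24 subnet are constructed values, and exchange() is a hypothetical helper, not a netfilter API.

```python
import ipaddress

PUBLIC_IP = "203.0.113.10"  # constructed stand-in for the address behind xxx.dyndns.org

def exchange(client, server, server_net, dst):
    """Model one request/reply through the port forward.

    Returns (reply_src, accepted): the source address on the reply as the
    client sees it, and whether it matches the address the client connected to.
    """
    net = ipaddress.ip_network(server_net)
    conntrack = {}
    # Request: traffic to the public address hits the firewall, which rewrites
    # the destination (DNAT) and remembers the mapping for the return path.
    if dst == PUBLIC_IP:
        conntrack[(client, server)] = PUBLIC_IP
    # Reply: the server answers the source address it saw, i.e. the client.
    reply_src = server
    if ipaddress.ip_address(client) not in net:
        # Off-subnet destination: the reply is routed via the firewall,
        # which restores the original address from its connection table.
        reply_src = conntrack.get((client, server), server)
    # Otherwise the reply is delivered directly and the firewall never sees it.
    # The client only accepts a reply from the address it sent the request to.
    return reply_src, reply_src == dst

def scenarios():
    lan = "192.168.0.0/24"
    return {
        "LAN client via public name": exchange("192.168.0.3", "192.168.0.2", lan, PUBLIC_IP),
        "Internet client (a)": exchange("198.51.100.7", "192.168.0.2", lan, PUBLIC_IP),
        "split DNS (b)": exchange("192.168.0.3", "192.168.0.2", lan, "192.168.0.2"),
        "server on separate subnet": exchange("192.168.0.3", "192.168.1.2", "192.168.1.0/24", PUBLIC_IP),
    }

if __name__ == "__main__":
    for name, (src, ok) in scenarios().items():
        print(f"{name:28} reply from {src:14} {'accepted' if ok else 'dropped'}")
```

Only the first scenario fails: it is the one case where the request passes through the firewall but the reply does not.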


