Re: firewall problem continued

On Tuesday 10 August 2004 9:14 am, Payal Rathod wrote:

> On Mon, Aug 09, 2004 at 12:31:33PM +0100, Antony Stone wrote:
> > Exactly the same as your existing PREROUTING rule, but you put it in the
> > OUTPUT chain instead (still in the nat table):
> >
> > iptables -A OUTPUT -t nat -d 1.2.3.4 -p tcp --dport 25 -j DNAT --to 10.10.10.2
>
> As I said earlier, now I can access the mail server at 10.10.10.2
> from the firewall machine using its external IP. But now I need to access
> the mailserver from the same machine itself using the external IP.

Why does the mail server need to refer to itself using the public IP?

Why can't it know its own private IP?

As an additional comment, you appear to be digging yourself further and 
further into a situation of "I wouldn't do it like that, but if you really 
need to...."

You should be cautious about doing too many things one after another which are 
simply needed as workarounds for a strange network setup, or a non-ideal DNS 
setup, and sooner or later you need to stop adding workarounds and change the 
underlying design.

Regards,

Antony.

-- 
It is also possible that putting the birds in a laboratory setting 
inadvertently renders them relatively incompetent.

 - Daniel C Dennett

                                                     Please reply to the list;
                                                           please don't CC me.


