On Tuesday 10 August 2004 9:14 am, Payal Rathod wrote:
> On Mon, Aug 09, 2004 at 12:31:33PM +0100, Antony Stone wrote:
> > Exactly the same as your extisting PREROUTING rule, but you put it in the
> > OUTPUT chain instead (still in the nat table):
> >
> > iptables -A OUTPUT -t nat -d 1.2.3.4 -p tcp --dport 25 -j DNAT --to
> > 10.10.10.2
>
> As I said earlier that now I can access the mail server at 10.10.10.2
> from the firewall machine using its external IP. But now I need to access
> the mailserver from the same machine itself using the external IP.
Why does the mail server need to refer to itself using the public IP?
Why can't it know its own private IP?
As an additional comment, you appear to be digging yourself further and
further into a situation of "I wouldn't do it like that, but if you really
need to...."
You should be cautious about doing too many things one after another which are
simply needed as workarounds for a strange network setup, or a non-ideal DNS
setup, and sooner or later you need to stop adding workarounds and change the
underlying design.
Regards,
Antony.
--
It is also possible that putting the birds in a laboratory setting
inadvertently renders them relatively incompetent.
- Daniel C Dennett
Please reply to the list;
please don't CC me.
