On Tuesday 10 August 2004 12:46 pm, Payal Rathod wrote:

> On Tue, Aug 10, 2004 at 10:14:22AM +0100, Antony Stone wrote:
> > > No idea. I thought that is recommended. I mean every machine should
> > > be able to access itself using all its IPs.
> >
> > That would mean "all IPs on all interfaces of the machine". It doesn't
> > include arbitrary IPs which some other machine may choose to translate to
> > an IP on this machine's interface.
>
> Let me rephrase it. A mail server needs to connect to any IP in the world
> so why cannot it connect to an IP which is in its subnet.

Because the public IP is not in its own subnet.

Your mail server's real address is 10.10.10.2, with a /8 netmask. Its public IP (as far as the firewall is concerned) is 1.2.3.4.

Those are different subnets.

Regards,

Antony.

--
Never automate fully anything that does not have a manual override capability.
Never design anything that cannot work under degraded conditions in emergency.

Please reply to the list; please don't CC me.