John A. Sullivan III wrote:
If I understand you correctly, you are trying to connect to the web
server on the internal network from devices on the internal network.
That means the packets never pass through the firewall. In that case,
no additional rules will help you.
Well, I try to connect from a machine on the internal network, but I
don't use the internal IP address of the server. I try to connect using
the external address, which is the public ip address of the firewall. So
I thought the packets would pass the firewall..?
You could force the traffic to pass through the firewall by placing the
web server on a physical DMZ (highly preferable if this web server
allows public access as it appears to - if someone cracks it, they will
be on your internal network) or on a logical DMZ. To create a logical
DMZ, simply bind a second address for a separate subnet to the internal
interface of the firewall and change the web server internal address to
an address on that new subnet.
That's maybe a good idea... Will try that when I have some more time.
But for the time being, I want to be able to connect to my webserver as
if it were somewhere else on the internet...
However, I would think the easiest thing to do is configure Apache to
answer on port 8888. Hope this helps - John
Then I still need the prerouting-rule, but it will only alter the
destination address and not the port anymore. Would that help you think?
Thanks!
Tom.
