On Thu, 13 Jan 2005 danci@xxxxxxxxx wrote:

> I have a firewall with a number of DNAT rules for various ports/hosts. It
> would be good if local users could use the same DNATs. However, as it
> seems this doesn't work.
>
> My firewall has a public IP. Some ports on this IP are DNATed to different
> hosts on the local network. DNAT works for users that connect from the
> internet.
>
> However, when a local user tries to connect to the public IP and DNATed
> port, the connection fails. Which is basically logical as the server
> receives a packet with the source IP of the actual user and it answers
> directly to that IP.
>
> Is it possible to change netfilter behaviour? Any other work-around for
> that?

Set up split horizon DNS so that the internal clients go direct to the
internal IP, rather than to the public IP.

---
Charlie
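The failure danci describes, and Charlie's split-horizon fix, traced packet by packet. This is an added model written for this page, not code from either poster or from netfilter: the addresses (TEST-NET ranges and a 192.168.1.0/24 LAN), the hostname, and the simplified conntrack/DNAT logic are all constructed assumptions. It goes one step beyond the reply by also modelling the other well-known answer to "can netfilter behaviour be changed": an additional SNAT on LAN-to-LAN DNATed traffic (hairpin NAT) so the server's reply is forced back through the firewall.

```python
"""Why DNAT on the firewall's public IP fails for LAN clients, and two fixes.

Constructed example: addresses, hostname and the tiny netfilter model below
are illustrative assumptions, not taken from the mailing-list thread.
"""
import ipaddress
from dataclasses import dataclass, replace

LAN = ipaddress.ip_network("192.168.1.0/24")
PUBLIC_IP = "203.0.113.10"       # firewall's public address (TEST-NET-3)
FW_LAN_IP = "192.168.1.1"        # firewall's LAN address, default gateway
SERVER_IP = "192.168.1.20"       # internal server behind the DNAT
LAN_CLIENT = "192.168.1.50"      # client on the same LAN as the server
NET_CLIENT = "198.51.100.7"      # client on the internet (TEST-NET-2)
DNAT_RULES = {(PUBLIC_IP, 80): (SERVER_IP, 80)}   # PREROUTING -j DNAT
DNS_RECORDS = {"www.example.com": (PUBLIC_IP, SERVER_IP)}  # (external, internal)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def same_lan(a, b):
    return ipaddress.ip_address(a) in LAN and ipaddress.ip_address(b) in LAN


class Firewall:
    """PREROUTING DNAT with a conntrack table; optional hairpin SNAT."""

    def __init__(self, hairpin=False):
        self.hairpin = hairpin
        self.conntrack = {}   # reply tuple as the server will send it -> original request

    def forward(self, pkt):
        target = DNAT_RULES.get((pkt.dst, pkt.dport))
        if target is None:
            return pkt
        out = replace(pkt, dst=target[0], dport=target[1])
        if self.hairpin and same_lan(pkt.src, out.dst):
            # POSTROUTING SNAT for LAN->LAN DNATed flows: the server now sees the
            # firewall as the source, so its reply must come back through us.
            out = replace(out, src=FW_LAN_IP)
        self.conntrack[(out.dst, out.dport, out.src, out.sport)] = pkt
        return out

    def reply(self, pkt):
        """Undo the translation for a reply that matches a conntrack entry."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return pkt
        return Packet(src=orig.dst, sport=orig.dport, dst=orig.src, dport=orig.sport)


def deliver_reply(reply, fw):
    # A same-subnet destination (other than the firewall itself) is reached
    # directly and never passes the firewall; everything else goes via the gateway.
    if reply.dst != FW_LAN_IP and same_lan(reply.src, reply.dst):
        return reply
    return fw.reply(reply)


def resolve(name, client_ip):
    """Split-horizon DNS: LAN clients get the internal address, others the public one."""
    external, internal = DNS_RECORDS[name]
    return internal if ipaddress.ip_address(client_ip) in LAN else external


def connect(client_ip, dst, dport, fw, sport=40000):
    """One request/reply round trip. Returns (client_accepted, reply_source_ip)."""
    req = Packet(client_ip, sport, dst, dport)
    # Same-subnet destinations go direct; anything else (the public IP included)
    # is sent to the default gateway, i.e. the firewall.
    at_server = req if same_lan(client_ip, dst) else fw.forward(req)
    if at_server.dst != SERVER_IP:
        return (False, None)          # nothing is listening at that address
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    at_client = deliver_reply(reply, fw)
    # The client's TCP stack only accepts a reply whose tuple mirrors its request.
    accepted = (at_client.src, at_client.sport, at_client.dst, at_client.dport) \
        == (dst, dport, client_ip, sport)
    return (accepted, at_client.src)


def run_scenarios():
    return {
        "internet client -> public IP": connect(NET_CLIENT, PUBLIC_IP, 80, Firewall()),
        "LAN client -> public IP": connect(LAN_CLIENT, PUBLIC_IP, 80, Firewall()),
        "LAN client, split-horizon DNS":
            connect(LAN_CLIENT, resolve("www.example.com", LAN_CLIENT), 80, Firewall()),
        "LAN client -> public IP, hairpin SNAT":
            connect(LAN_CLIENT, PUBLIC_IP, 80, Firewall(hairpin=True)),
    }


if __name__ == "__main__":
    for name, (ok, src) in run_scenarios().items():
        print(f"{name:40s} accepted={ok!s:5s} reply came from {src}")
```

The second scenario reproduces the thread's symptom: the reply arrives from 192.168.1.20 while the client expects 203.0.113.10, so it is discarded. Split-horizon DNS avoids the firewall entirely for LAN clients and keeps the real client address in the server's logs; the hairpin SNAT variant works too but the server then sees every internal connection as coming from the firewall, which is worth knowing before relying on server-side logs or per-client access controls.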