> Message: 1
> Date: Thu, 13 Jan 2005 15:42:33 +0100 (CET)
> From: danci@xxxxxxxxx
> Subject: DNATing back to the same network
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Message-ID: <Pine.LNX.4.58.0501131538030.16403@xxxxxxxxxxxxxxxxx>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
> Hi!
>
> I have a firewall with a number of DNAT rules for various ports/hosts.
> It would be good if local users could use the same DNATs. However, as
> it seems this doesn't work.
>
> My firewall has a public IP. Some ports on this IP are DNATed to
> different hosts on the local network. DNAT works for users that
> connect from the internet.
>
> However, when a local user tries to connect to the public IP and
> DNATed port, the connection fails. Which is basically logical as the
> server receives a packet with the source IP of the actual user and it
> answers directly to that IP.
>
> Is it possible to change netfilter behaviour? Any other work-around
> for that?

I have a POSTROUTING rule for any internal traffic to SNAT it so that it returns back to the router instead of directly to the user.

-- 
..don
dhughes@xxxxxxxxxxxxxxxxxxx
White Plains, NY
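The reply's work-around (often called hairpin NAT) in runnable form, as an added example that is not part of the thread: the DNAT in PREROUTING matches traffic for the public IP from any interface, and a POSTROUTING SNAT rewrites the source of LAN-originated, hairpinned connections to the firewall's own LAN address, so the internal server answers the firewall, which reverses the DNAT and hands the reply back to the client. All addresses, interface names and the `IPT_DRY_RUN` switch are assumptions chosen for illustration; the function prints the rules instead of applying them when `IPT_DRY_RUN=1`, so it can be reviewed without root.

```shell
#!/bin/sh
# Hairpin NAT for LAN clients that address a DNATed port on the public IP.
# Constructed example; all values below are assumptions, not from the thread.
PUB_IP="203.0.113.10"      # firewall's public address (documentation range)
LAN_NET="192.168.1.0/24"   # internal network
LAN_IF="eth1"              # internal interface
LAN_IP="192.168.1.1"       # firewall's address on the LAN

# ipt: wrapper around iptables. With IPT_DRY_RUN=1 the rule is echoed
# instead of applied, so the generated ruleset can be inspected safely.
ipt() {
  if [ "${IPT_DRY_RUN:-0}" = "1" ]; then
    echo "iptables $*"
  else
    iptables "$@"
  fi
}

# hairpin_dnat PROTO PUBLIC_PORT SERVER_IP SERVER_PORT
# Emits the three rules needed for one forwarded service.
hairpin_dnat() {
  proto=$1; port=$2; server=$3; sport=$4

  # 1. DNAT for anyone (internet or LAN) hitting the public IP on this port.
  ipt -t nat -A PREROUTING -p "$proto" -d "$PUB_IP" --dport "$port" \
      -j DNAT --to-destination "$server:$sport"

  # 2. The fix from the reply: for connections that came from the LAN and are
  #    being forwarded back onto the LAN, SNAT to the firewall's LAN address so
  #    the server's reply returns via the firewall instead of going straight
  #    to the client (which would not match the client's connection state).
  ipt -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -p "$proto" \
      -d "$server" --dport "$sport" -j SNAT --to-source "$LAN_IP"

  # 3. Allow the forwarded traffic through the filter table.
  ipt -A FORWARD -p "$proto" -d "$server" --dport "$sport" \
      -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

# Usage: "./hairpin.sh show" prints the rules, "./hairpin.sh apply" installs them.
case "${1:-}" in
  show)  IPT_DRY_RUN=1; hairpin_dnat tcp 80 192.168.1.20 80 ;;
  apply) hairpin_dnat tcp 80 192.168.1.20 80 ;;
esac
```

One consequence worth knowing before deploying this: because the hairpinned connection is SNATed, the internal server sees every LAN client as `192.168.1.1`, so its logs and any per-client access control on the server lose the real client address. Restricting the SNAT rule to `-s "$LAN_NET" -d "$server"` (as above) keeps that loss limited to hairpinned traffic rather than all forwarded traffic.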