On 11/3/06, Darryl Gregorash wrote:
> It should be working. Are you certain you are trying to connect to the web server on IP 192.168.0.249, and not the router? There is no masquerading done within the internal zone, as it is not needed.

The above firewall setup works by forwarding traffic from outside our network. It also works if I directly connect with http://192.168.0.249 from internal network. It does not work if I connect http://www.mydomain.com or http://myexternalip from within my network. Maybe I should just put that in router's host file, that would solve it.

Thanks once again.

-J
On 2006-11-03 02:14, Jigish Gohil wrote:
> On 11/3/06, Darryl Gregorash wrote:
> > It should be working. Are you certain you are trying to connect to the web server on IP 192.168.0.249, and not the router? There is no masquerading done within the internal zone, as it is not needed.
>
> The above firewall setup works by forwarding traffic from outside our network.
> It also works if I directly connect with http://192.168.0.249 from internal network.

Ahah! You *were* actually trying to do masquerading within the internal zone, when all you need is for the router to do forwarding.

> It does not work if I connect http://www.mydomain.com or http://myexternalip from within my network.

Quite correct; the packets arrive at the router, which does not send them anywhere, because it *is* "www.mydomain.com". You would need to do some packet mangling at the router for this to work. That is not necessary, because the router will forward any traffic that has a source and destination inside the internal zone.

> Maybe I should just put that in router's host file, that would solve it.
> Thanks once again.

Just putting this into the router's host file won't accomplish anything. If you wish to use a domain name from a workstation in your LAN, then you need to have that domain in the workstation's host file, or else you need to set up DNS within the LAN. You could do something like this in a host file:

    192.168.0.249 webserver.localnet

and then internally, connect to http://webserver.localnet, but you will need this on every workstation's host file. If your LAN is small, this is probably much easier to use than DNS. If you try this anywhere:

    192.168.0.249 www.mydomain.com

then something is likely to break, because it is wrong: www.mydomain.com is really "myexternalip", and the rest of the planet will tell you so.
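
The cases discussed in this thread (connecting to 192.168.0.249 directly, connecting to the external IP from inside, and the "packet mangling" alternative) can be traced in a small model. This is an added illustration, not part of either poster's message or of any firewall's code. The placeholder 203.0.113.10 for "myexternalip", the router and workstation addresses, and all function names are assumptions, and the model goes beyond the thread by showing that destination NAT on the LAN side also needs source NAT before replies match.

```python
from dataclasses import dataclass, replace

EXTERNAL_IP = "203.0.113.10"  # placeholder for "myexternalip" (documentation range)
ROUTER_LAN = "192.168.0.1"    # assumed LAN address of the router
SERVER = "192.168.0.249"      # web server address from the thread
CLIENT = "192.168.0.50"       # assumed workstation on the same LAN


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def router_forward(pkt, in_iface, dnat_ifaces, snat_lan):
    """Apply DNAT (external IP -> SERVER) and optional LAN masquerading.
    Returns the packet leaving the router, or None if the router keeps it."""
    if pkt.dst == EXTERNAL_IP:
        if in_iface not in dnat_ifaces:
            return None  # the router *is* the external IP: local delivery
        pkt = replace(pkt, dst=SERVER)
    if snat_lan and in_iface == "lan":
        pkt = replace(pkt, src=ROUTER_LAN)
    return pkt


def connect(target, dnat_ifaces=("wan",), snat_lan=False):
    """Follow one request from CLIENT and its reply; return the outcome."""
    if target == SERVER:
        return "ok: reaches the server without any address translation"
    at_server = router_forward(Packet(CLIENT, target), "lan", dnat_ifaces, snat_lan)
    if at_server is None:
        return "fail: delivered to the router itself, not forwarded"
    reply = Packet(SERVER, at_server.src)
    if reply.dst == ROUTER_LAN:
        # The router undoes both translations from its connection state.
        reply = Packet(EXTERNAL_IP, CLIENT)
    if reply.src != target:
        return "fail: reply comes from %s, client expected %s" % (reply.src, target)
    return "ok: reply matches the connection"


if __name__ == "__main__":
    print("direct IP        ->", connect(SERVER))
    print("external IP      ->", connect(EXTERNAL_IP))
    print("DNAT on LAN only ->", connect(EXTERNAL_IP, ("wan", "lan")))
    print("DNAT + SNAT      ->", connect(EXTERNAL_IP, ("wan", "lan"), snat_lan=True))
```
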