On Thursday 01 August 2002 11:29, j0nas wrote:
[snip]
> (using the external ip), BUT when I try to access the web server using the external ip (or the domain pointing to my firewall) nothing happens and I get this logged in /var/log/firewall:

I also had this occur, but my case was even worse; I had port forwarding for port 80 external address to an internal server. This, unlike your problem (as stated in the other replies) seemed (or indeed really was?) insolvable since the port forwarding occurs at an earlier stage than the NAT, so by the time the NAT-ed packet arrives at the external interface it could never be 'forwarded back in'. Or so I've been told anyway...

In such cases, apart from mangling the iptables setup, it can be a nice solution to let DNS solve this, either by having your internal DNS 'fake' the real address (it then pretends www.domain.com is not in fact the external, but the internal IP) or, as I currently do, just have a special DNS name for your internal network and just TELL people they must use the alternative name instead whenever they're located 'inside' (tell them to use "www.office.domain.com" instead of "www.domain.com").

This may or may not be tedious to them but I dislike faking DNS records (it tends to turn into a great mess over time if you change the official DNS records and 'forget' to change the internal one!) and if people stop listening to their sysadmins then they're on their own anyway. So what if they have to change 1 or 2 bookmarks? Not my problem, is it? ;-))

Choose your own, according to your preferences, or affinity. Any of the three solutions mentioned will work for you.

Maarten

Oh P.S.: Do try to have your mails not sound like some kind of "ultimatum" for us all to reply to, it tends to work _very_ counter-productive. ;-)

--
Maarten J. H. van den Berg ~~//~~ network administrator
VBVB - Amsterdam - The Netherlands - http://vbvb.nl
T +31204233288 F +31204233286 G +31651994273