 From:  Jim McBeath <jimmc at macrovision dot com>
 To:  Christiaens Joachim <jchristi at oce dot be>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] incoming NAT to DMZ [was Can't ping DMZ]
 Date:  Fri, 31 Oct 2003 19:56:47 -0800

On Sat, Nov 01, 2003 at 12:31:08AM +0100, Christiaens Joachim wrote:
> From: Christiaens Joachim <jchristi at oce dot be>
> To: "'Jim McBeath '" <jimmc at macrovision dot com>
> Subject: RE: [m0n0wall] incoming NAT to DMZ [was Can't ping DMZ]
> Date: Sat, 1 Nov 2003 00:31:08 +0100 

> Test it sometime with the webserver's default gateway set to the m0n0wall.
> That should work.

Yes, it does.

> You see, if the webserver gets a packet from the internet over the m0n0, it
> responds to it via its default gateway (netscreen), which is another route
> than where it came in. This breaks things.

That makes sense.

> Port forward from your m0n0 to your netscreen's public ip or vice versa, I
> think that would work... maybe ;-)

Sure enough, I changed m0n0 to forward port 80 back to my other public IP,
which in turn forwards it to my DMZ web server, and now I can access my
DMZ web server from both public IPs.  Thanks for your help.

--
Jim