On Sat, Nov 01, 2003 at 12:31:08AM +0100, Christiaens Joachim wrote:
> From: Christiaens Joachim <jchristi at oce dot be>
> To: "'Jim McBeath '" <jimmc at macrovision dot com>
> Subject: RE: [m0n0wall] incoming NAT to DMZ [was Can't ping DMZ]
> Date: Sat, 1 Nov 2003 00:31:08 +0100
> Test it sometime with the webserver's default gateway set to the m0n0wall.
> That should work.
Yes, it does.
> You see, if the webserver gets a packet from the internet over the m0n0, it
> responds to it via its default gateway (netscreen), which is another route
> than where it came in. This breaks things.
That makes sense.
> Port forward from your m0n0 to your netscreen's public IP or vice versa, I
> think that would work... maybe ;-)
Sure enough, I changed m0n0 to forward port 80 back to my other public IP,
which in turn forwards it to my DMZ web server, and now I can access my
DMZ web server from both public IPs. Thanks for your help.
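
The asymmetric return path explained in the quoted text above, as an added example that is not part of the original thread: a small model of two stateful NAT gateways in front of one DMZ server, showing that a reply is only translated back by the gateway that holds the flow's state. The addresses, class and function names are constructed for illustration, and dropping unknown replies is an assumption about the gateway.

```python
# Constructed model: two NAT gateways in front of one DMZ web server.
# All addresses are documentation-range placeholders, not from the thread.
from dataclasses import dataclass, field

@dataclass
class NatGateway:
    name: str
    public_ip: str
    states: dict = field(default_factory=dict)  # flow -> original public dst

    def port_forward(self, pkt, server_ip):
        """Inbound DNAT: rewrite the destination and record the flow."""
        src, sport, dst, dport = pkt
        self.states[(src, sport, server_ip, dport)] = dst
        return (src, sport, server_ip, dport)

    def reply_out(self, pkt):
        """Outbound reply: undo the DNAT only if this gateway holds the state."""
        src, sport, dst, dport = pkt
        original_dst = self.states.get((dst, dport, src, sport))
        if original_dst is None:
            return None  # assumption: a stateful gateway drops unknown replies
        return (original_dst, sport, dst, dport)

def round_trip(ingress, default_gw, client=("198.51.100.7", 40000),
               server_ip="192.0.2.10", port=80):
    """Return the reply the client receives, or None if the reply is lost."""
    request = (client[0], client[1], ingress.public_ip, port)
    at_server = ingress.port_forward(request, server_ip)
    # The server answers via its default gateway, whichever way the request came.
    reply = (at_server[2], at_server[3], at_server[0], at_server[1])
    seen = default_gw.reply_out(reply)
    # The client only accepts a reply from the address it connected to.
    if seen is None or seen[0] != ingress.public_ip:
        return None
    return seen

def demo():
    m0n0 = NatGateway("m0n0wall", "203.0.113.1")
    netscreen = NatGateway("netscreen", "203.0.113.2")
    return {
        "in m0n0, gw netscreen": round_trip(m0n0, netscreen),
        "in m0n0, gw m0n0": round_trip(m0n0, m0n0),
        "in netscreen, gw netscreen": round_trip(netscreen, netscreen),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", "reply delivered" if result else "reply lost")
```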