Re: [m0n0wall] incoming NAT to DMZ [was Can't ping DMZ]

From:	Jim McBeath <jimmc at macrovision dot com>
To:	Christiaens Joachim <jchristi at oce dot be>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] incoming NAT to DMZ [was Can't ping DMZ]
Date:	Fri, 31 Oct 2003 19:56:47 -0800

On Sat, Nov 01, 2003 at 12:31:08AM +0100, Christiaens Joachim wrote:
> From: Christiaens Joachim <jchristi at oce dot be>
> To: "'Jim McBeath '" <jimmc at macrovision dot com>
> Subject: RE: [m0n0wall] incoming NAT to DMZ [was Can't ping DMZ]
> Date: Sat, 1 Nov 2003 00:31:08 +0100 

> Test it sometime with the webserver's default gateway set to the m0n0wall.
> That should work.

Yes, it does.

> You see, if the webserver gets a packet from the internet over the m0n0, it
> responds to it via its default gateway (netscreen), which is another route
> then where it came in. This breaks things.

That makes sense.

> Port forward from your m0n0 to your netscreen's public ip or vice versa, I
> think that would work... maybe ;-)

Sure enough, I changed m0n0 to forward port 80 back to my other public IP,
which in turn forwards it to my DMZ web server, and now I can access my
DMZ web server from both public IPs.  Thanks for your help.

--
Jim