Chris Buechler wrote:
> On Mon, 24 Jan 2005 17:01:43 +0100, Alex Dyas
> <alex dot dyas at psineteurope dot com> wrote:
>>However, no matter what I try I cannot get ssh working from the Internet
>>to any of the machines. Logging on M0n0wall shows that the traffic is
>>accepted right to the machine, but blocked going back out. A tcpdump on
>>the machine verifies that it does see the incoming traffic, and that it
>>tries to reply.
> Sounds like the return traffic is hitting NAT on the way out. Enable
> advanced outbound NAT and it should route it back out rather than
> trying to NAT it.
Excellent, it works. So why is that? I'm guessing because I'm using
public IPs behind the firewall, where a more conventional setup would
use a private address space and NAT?

Thanks again :)

-= Alex Dyas , UNIX , DC Ops , PSINet , Geneva =-