 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Federico Krum <federico at thehost dot com dot ar>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Biginner:Multiples WAN IPs
 Date:  Mon, 25 Aug 2003 07:21:38 +0200 (CEST)
On Mon, 25 Aug 2003, Federico Krum wrote:

> My point is that the broadband router, without having a separate dns, nor
> special configuration of any DNSForwarder or nothing, can make me reach the
> servers from both, WAN CPUs and LAN CPUs.

Ah, the famous NAT loopback or whatever you wish to call it... no, you
cannot connect to m0n0wall's WAN IP address from LAN and expect the
connection to be mapped back to a LAN server just as it would if the
connection originated from WAN - this is a limitation in ipfilter (only
packets that pass through the WAN interface get NATed), and many (though
not all) commercial firewalls have this limitation, too (you'll have to
find out first in most cases, though ;).

This issue has been discussed on this list before: see the thread
"Question: LAN->WAN->LAN" on

However, if you now have one public IP per server, you can make do without
NAT, and you shouldn't be having any of those problems anymore. Or if you
feel like patching m0n0wall a little, you can even use it as a filtering
bridge, as Bruce suggested.