On Mon, 25 Aug 2003, Federico Krum wrote:

> My point is that the broadband router, without having a separate dns, nor
> special configuration of any DNSForwarder or nothing, can make me reach the
> servers from both, WAN CPUs and LAN CPUs.

Ah, the famous NAT loopback or whatever you wish to call it... no, you cannot connect to m0n0wall's WAN IP address from LAN and expect the connection to be mapped back to a LAN server just as it would if the connection originated from WAN - this is a limitation in ipfilter (only packets that pass through the WAN interface get NATed), and many (though not all) commercial firewalls have this limitation, too (you'll have to find out first in most cases, though ;).

This issue has been discussed on this list before: see the thread "Question: LAN->WAN->LAN" on
http://m0n0.ch/wall/list/?action=show_threads&actionargs%5B%5D=200306

However, if you now have one public IP per server, you can make do without NAT, and you shouldn't be having any of those problems anymore. Or if you feel like patching m0n0wall a little, you can even use it as a filtering bridge, as Bruce suggested.

HTH,

Manuel