 From:  Joey Morin <jmorin at icomm dot ca>
 To:  Adam Nellemann <adam at nellemann dot nu>
 Cc:  Joey Morin <joeymorin at alumni dot uwaterloo dot ca>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] NATed services by the public IP
 Date:  Thu, 24 Jun 2004 15:18:02 -0400 (EDT)
This one time, at band camp, Adam Nellemann said:

> Joey Morin wrote:
> > from http://m0n0.ch/wall/docbook/faq-lannat.html
> >
> > 	"Why isn't it possible to access NATed services by the public IP
> > 	address from LAN?"
> >
> > this is perhaps only a minor annoyance, but when i moved to m0n0wall i
> > lost this ability.  behind my inexq this was no problem.  can anyone
> > explain why this is not possible to implement?  is it a limitation, or
> > by design?
> While probably not quite what you are after, you could use DNS overrides
> to map some (actual or imaginary) domain names to the corresponding
> internal IPs, and thus be able to access any NAT'ed services from the
> LAN in much the same way you would from the WAN.

my WAN link is pppoe, and the ip changes frequently.  currently i use an
smtp client on an internal box to periodically send an empty message to an
external shell account, where a running perl script extracts the ip from
the mail headers and dynamically builds an index.html containing a
redirect to the current WAN IP, and plunks it in the public_html tree on
that shell account.  this lets me give out a named URL to folks who i
want to grant access to my web server.  this url never changes, but since
the index.html is rebuilt whenever the WAN IP changes, the web server is
always reachable (longest down time is determined by the smtp client send
interval plus the perl script polling interval.  usually no more than 5

yes, this is ugly, but i don't have money right now for dyn dns!  that's
also why i'm using a pc cobbled together from curb-side garbage day finds,
and running a free firewall on it :)

so, it's been convenient to check internally whether a url i'm about to
send out to a client or friend in fact works (i.e. all links in my
homebrew dyn dns solution are working).

dns overrides won't work because i'm not using dns.  for the originating
url, yes, but that's to my external shell account.  the redirect takes me
back to the WAN interface by an explicit IP, so dns doesn't figure into
the equation.

can anyone tell me what "bounce" refers to, and perhaps how i can
implement it in m0n0wall?
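
The header-scraping step described in this message, as an added example in Python (it is not the poster's perl script, which the page does not show). It assumes the receiving mail server records the client address as a bracketed literal in the topmost Received header; the function names and the sample message are constructed.

```python
import ipaddress
import re
from email import message_from_string
from html import escape

# Constructed sample message: hostnames are made up and 8.8.8.8 stands in
# for the current WAN IP. The second Received header is sender-supplied.
SAMPLE = """\
Received: from homebox.example ([8.8.8.8])
\tby shell.example with ESMTP; Thu, 24 Jun 2004 15:10:00 -0400
Received: from spoofed.example ([10.9.9.9])
\tby homebox.example; Thu, 24 Jun 2004 15:09:59 -0400
From: ping@homebox.example
To: me@shell.example
Subject: ip ping

"""

IP_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def wan_ip_from_message(raw):
    """Return the client IP recorded by the receiving server, or None."""
    received = message_from_string(raw).get_all("Received", [])
    if not received:
        return None
    # Only the topmost Received header is written by the receiving server;
    # everything below it arrives with the message and can be forged.
    match = IP_LITERAL.search(received[0])
    if not match:
        return None
    try:
        ip = ipaddress.IPv4Address(match.group(1))
    except ValueError:
        return None  # e.g. an octet above 255
    # Refuse private, loopback and reserved addresses as redirect targets.
    return str(ip) if ip.is_global else None

def redirect_page(ip):
    """Build the index.html body that redirects to the given address."""
    url = escape("http://%s/" % ip, quote=True)
    return ('<html><head><meta http-equiv="refresh" content="0; url=%s">'
            '</head><body><a href="%s">%s</a></body></html>' % (url, url, url))

if __name__ == "__main__":
    current = wan_ip_from_message(SAMPLE)
    print(redirect_page(current) if current else "no usable address")
```
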