|
||||||||
On Thu, 24 Jun 2004, Joey Morin wrote: > > you can't reach an internal server from the LAN via NAT by way of the WAN > IP, but you can reach the m0n0wall webgui from the LAN by way of the WAN > IP...??!! > > does anyone else think this is strange? i realize that it doesn't go Not if you understand how IP works. :-) NAT behavior is a function of the interface, while addressing the m0n0wall itself is not. Most systems implement the "weak end system" model, menaing that the machine can be reached via any of its IP addresses, regardless of whether the address matches the interface where the packet arrived. If you don't like that, add some block rules. :-) On Fri, 25 Jun 2004, Stefan Thuering wrote: > Joey Morin wrote: > > this is perhaps only a minor annoyance, but when i moved to m0n0wall i > > lost this ability. behind my inexq this was no problem. can anyone > > explain why this is not possible to implement? is it a limitation, or by > > design? > > If your ISP offers a web proxy feature you can use it to test your > nat'ed ports (because you then go out and come back in). Or if they have shell service with SSH you can tunnel the access through the shell server. Or if they have shell service without SSH, try lynx (or even telnet) from the shell server. Fred Wright |