Subject: Reach outside address+port of a NAT with port forwarding. Possible?
To: None <firstname.lastname@example.org>
From: Johan Ihren <email@example.com>
Date: 05/02/2002 19:52:02
On a NAT box at home I run with the following config:
#!/usr/sbin/ipnat -v -f -
map ep1 192.168.0.0/16 -> 220.127.116.11/32 portmap tcp/udp 40000:60000
map ep1 192.168.0.0/16 -> 18.104.22.168/32
map ep1 192.168.0.0/16 -> 22.214.171.124/32 proxy port ftp ftp/tcp
rdr ep1 126.96.36.199/32 port 80 -> 192.168.1.16 port 80 tcp
I.e. I have a webserver on the inside that is publicly reachable since
port 80 is forwarded through the firewall.
And my problem is that I cannot (from the inside) reach the webserver
on the (forwarded) port of the public IP address. This is what I get
from another machine on the inside:
bash# telnet 188.8.131.52 http
telnet: Unable to connect to remote host: Connection refused
I'm not really surprised by this, since this is a bit on an indan rope
trick for the poor firewall to attempt. I.e. rewrite the src of the
packed because of the NAT, find out that dst is the firewall itself
(which is fine), but then falling over on this particular port being
forwarded to the inside.
So, if it isn't possible to do this I'll have to cope, but it would be
nice if this was possible. Is it?