Subject: Reach outside address+port of a NAT with port forwarding. Possible?
To: None <>
From: Johan Ihren <>
List: current-users
Date: 05/02/2002 19:52:02
On a NAT box at home I run with the following config:
#!/usr/sbin/ipnat -v -f -
map ep1 -> portmap tcp/udp 40000:60000
map ep1 ->
map ep1 -> proxy port ftp ftp/tcp

rdr ep1 port 80 -> port 80 tcp
I.e. I have a webserver on the inside that is publicly reachable since
port 80 is forwarded through the firewall.

And my problem is that I cannot (from the inside) reach the webserver
on the (forwarded) port of the public IP address. This is what I get
from another machine on the inside:

bash# telnet http
telnet: Unable to connect to remote host: Connection refused

I'm not really surprised by this, since this is a bit on an indan rope
trick for the poor firewall to attempt. I.e. rewrite the src of the
packed because of the NAT, find out that dst is the firewall itself
(which is fine), but then falling over on this particular port being
forwarded to the inside.

So, if it isn't possible to do this I'll have to cope, but it would be
nice if this was possible. Is it?


Johan Ihren