Subject: ip(nat&filter) + webserver question
To: None <netbsd-help@netbsd.org>
From: Jerome Houston <the_hou_guy@hotmail.com>
List: netbsd-help
Date: 02/06/2002 12:14:29
TIA for any help someone can give.

I've got the classic setup.  Static IP (w.x.y.z), NetBSD 
firewall/router(ipfilter/ipnat), internal network with a webserver @ 
192.168.a.b.
NAT is configured to RDR port 80 requests to the internal webserver 
192.168.a.b

Almost all is well.  WAN computers can access the pages on the webserver 
correctly, and internal network computers can access the pages if they go 
directly to 192.168.a.b.
BUT.... (isn't there always a BUT?)
If INTERNAL computers (i.e. 192.168.c.d) go to w.x.y.z, nuthin' happens.  
"The page cannot be displayed".

This isn't a huge problem, except that I want internal computers to access 
my domain (my.domain.com, which correctly points to w.x.y.z) from 
inside......

I could always make an entry in the hosts file of each of the internal net 
computers to make my.domain.com point to 192.168.a.b, but that seems like 
such a hack that shouldn't be necessary with ip(nat/filter).

My hunch is that I'm doing this to myself in IPFILTER somewhere....
here's the relevant entries...

# to let in http requests
pass in on sip0 proto tcp from any to any port = 80 keep state keep frags

# to let internal guys out (and replies)
pass out on sip0 proto tcp from any to any flags S keep state keep frags

Or maybe it has something to do with the "portmap" in ipnat.conf?  Are the 
internal requests' ports getting rewritten before the request tries to go 
back through the rdr?

thanks again for your time.

Jeremy Hou

