[Firehol-support] DNAT not working where inface and outface are the same

Carlos Rodrigues carlos.efr at mail.telepac.pt
Wed Oct 12 15:52:48 BST 2005


Hi!

I have a firewall connected to several LANs with NAT, and I need to have 
some machines on one of the LANs accessible from the outside. For 
that I set up some interface aliases with public addresses and some DNAT 
rules (without an explicit "inface") redirecting those addresses to the 
internal machines (along with some accept rules in the proper "router" 
blocks).

This works fine when one tries to connect to those public addresses from 
the outside, or from one of the other LANs, but doesn't work when the 
connection comes from the LAN where the target of the DNAT is (let's 
say, users using a fully qualified DNS name that is associated with the 
public address, instead of the internal name).

In other words, the DNAT works when the in and out interfaces are 
different, but doesn't work when they are the same.

What can be done to work around this problem?

I've even tried to set up a "router" block where the inface and outface 
are the same, but that doesn't seem to do a thing...

Thanks...

Carlos Rodrigues
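The situation in the post is the classic NAT-loopback (hairpin NAT) problem. The following model, added here as an illustration and not part of the original message or of FireHOL, shows why the DNAT alone fails when the client is on the target's own LAN and what an extra source-NAT on that same-interface path changes. All addresses are constructed for the example; the pipeline is a deliberately simplified netfilter (PREROUTING DNAT, routing, POSTROUTING SNAT, conntrack reversal for replies), not FireHOL's own implementation.

```python
"""Why DNAT alone fails for clients on the target's own LAN, and how an
extra SNAT on the same-interface (hairpin) path fixes it.

Simplified netfilter pipeline: PREROUTING DNAT -> routing decision ->
POSTROUTING SNAT, with a connection-tracking table that reverses both
translations on replies. All addresses are constructed for this example."""

from dataclasses import dataclass, replace

PUBLIC_IP = "203.0.113.10"   # alias on the firewall's external interface
FW_LAN_IP = "192.168.1.1"    # firewall's own address on the LAN
SERVER_IP = "192.168.1.10"   # internal target of the DNAT rule
LAN_PREFIX = "192.168.1."


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int


def iface_for(ip):
    """Routing decision: LAN prefix goes out the LAN side, everything else WAN."""
    return "lan" if ip.startswith(LAN_PREFIX) else "wan"


class Firewall:
    def __init__(self, hairpin_snat):
        self.hairpin_snat = hairpin_snat
        self.conntrack = []  # list of (original packet, translated packet)

    def forward(self, pkt):
        """Return the packet as it leaves the firewall."""
        # Reply to a tracked connection: undo both translations at once.
        for orig, xlat in self.conntrack:
            if (pkt.src, pkt.sport, pkt.dst, pkt.dport) == (
                    xlat.dst, xlat.dport, xlat.src, xlat.sport):
                return Packet(orig.dst, orig.src, orig.dport, orig.sport)

        inface = iface_for(pkt.src)
        # PREROUTING: DNAT the public address to the internal server.
        out = replace(pkt, dst=SERVER_IP) if (pkt.dst, pkt.dport) == (PUBLIC_IP, 80) else pkt
        outface = iface_for(out.dst)
        # POSTROUTING: on the hairpin path (inface == outface) rewrite the
        # source too, so the server's reply must come back through us.
        if self.hairpin_snat and inface == outface == "lan" and out.dst == SERVER_IP:
            out = replace(out, src=FW_LAN_IP)
        self.conntrack.append((pkt, out))
        return out


def hairpin_session(hairpin_snat, client_ip="192.168.1.50"):
    """Simulate one request/reply pair; True if the client accepts the reply."""
    fw = Firewall(hairpin_snat)
    request = Packet(client_ip, PUBLIC_IP, 40000, 80)
    # PUBLIC_IP is off-subnet for every client, so the request always
    # reaches the firewall (the default gateway).
    at_server = fw.forward(request)
    # The server replies to whatever source address it saw.
    reply = Packet(SERVER_IP, at_server.src, 80, at_server.sport)
    if reply.dst.startswith(LAN_PREFIX) and reply.dst != FW_LAN_IP:
        at_client = reply            # same subnet: delivered directly, firewall bypassed
    else:
        at_client = fw.forward(reply)  # off-subnet or firewall-owned: routed via firewall
    # The client's socket only matches PUBLIC_IP:80 -> client_ip:40000.
    return (at_client.src, at_client.sport, at_client.dst, at_client.dport) == (
        PUBLIC_IP, 80, client_ip, 40000)


if __name__ == "__main__":
    print("LAN client, DNAT only:      ", hairpin_session(False))
    print("LAN client, DNAT + SNAT:    ", hairpin_session(True))
    print("outside client, DNAT only:  ", hairpin_session(False, "198.51.100.7"))
```

The model reproduces the symptom in the post: from outside (or from another LAN) the reply is routed back through the firewall, which reverses the DNAT and the client sees a packet from the public address. From the target's own LAN the server answers the client directly, so the client receives a packet from the internal address instead of the public one and its TCP stack rejects it. Rewriting the source on the same-interface path forces the reply back through the firewall's connection tracking, which is the usual cure; in FireHOL terms that means pairing the dnat with a source-NAT rule limited to traffic from that LAN to the target (the exact FireHOL syntax is not shown on this page), and the "router" block with identical inface and outface is still needed for the accept rules.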