[Firehol-support] DNAT not working where inface and outface are the same

Carlos Rodrigues carlos.efr at mail.telepac.pt
Wed Oct 12 18:58:37 BST 2005


I have a firewall connected to several LANs with NAT, and I need to have
some machines on one of the LANs accessible from the outside. For
that I set up some interface aliases with public addresses and some DNAT
rules (without an explicit "inface") redirecting those addresses to the
internal machines (along with some accept rules in the proper "router"

This works fine when one tries to connect to those public addresses from
the outside, or from one of the other LANs, but doesn't work when the
connection comes from the LAN where the target of the DNAT is (let's
say, users using a fully qualified DNS name that is associated with the
public address, instead of the internal name).

In other words, the DNAT works when the in and out interfaces are
different, but doesn't work when they are the same.

What can be done to work around this problem?

I've even tried to set up a "router" block where the inface and outface
are the same, but that doesn't seem to do a thing...


Carlos Rodrigues
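The symptom described above (DNAT works from outside and from other LANs, but not from the LAN the target sits on) is the classic hairpin-NAT case: the firewall does rewrite the destination, but the internal server answers the client directly on the shared LAN, with its own private source address, so the client sees a reply from the wrong address and drops it. The usual fix is to additionally SNAT those same-interface connections to the firewall's LAN address so the reply is forced back through the firewall, where the DNAT is reversed. The following script is an added example in plain iptables, not code from the original post or from FireHOL; the interface names, the RFC 5737 public address 203.0.113.10 and the internal addresses are hypothetical. It prints the rule set by default and applies it only with `--apply`.

```shell
#!/bin/sh
# Hairpin (same-interface) DNAT with a matching SNAT.
# Constructed example; not from the original post or from FireHOL.
#
# Assumed topology (all names and addresses are hypothetical):
#   eth0           external interface
#   eth1           LAN interface, firewall address 192.168.1.1/24
#   203.0.113.10   public alias on eth0 (RFC 5737 documentation range)
#   192.168.1.50   internal web server reached through the public address
#
# Without the SNAT, a LAN client sends to 203.0.113.10, PREROUTING rewrites
# it to 192.168.1.50, the server replies straight to the client on the LAN
# from 192.168.1.50, and the client drops the reply because it expected it
# from 203.0.113.10. The SNAT makes the server reply to the firewall instead.

LAN_IF=eth1
LAN_NET=192.168.1.0/24
LAN_FW_ADDR=192.168.1.1
PUBLIC_ADDR=203.0.113.10
SERVER_ADDR=192.168.1.50
PORT=80

# Print the rules, one iptables command per line. Pipe into "sh -e" to apply.
hairpin_nat_rules() {
    # DNAT with no input interface so it matches from outside and from the LAN.
    echo iptables -t nat -A PREROUTING -p tcp -d "$PUBLIC_ADDR" --dport "$PORT" \
        -j DNAT --to-destination "$SERVER_ADDR"
    # Hairpin SNAT: only for LAN clients, and only towards the DNATed server.
    # POSTROUTING runs after PREROUTING, so "-d $SERVER_ADDR" already matches
    # the rewritten destination.
    echo iptables -t nat -A POSTROUTING -o "$LAN_IF" -s "$LAN_NET" -d "$SERVER_ADDR" \
        -p tcp --dport "$PORT" -j SNAT --to-source "$LAN_FW_ADDR"
    # Allow the forwarded flow in both directions on the same interface.
    echo iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -d "$SERVER_ADDR" \
        -p tcp --dport "$PORT" -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    echo iptables -A FORWARD -i "$LAN_IF" -o "$LAN_IF" -s "$SERVER_ADDR" \
        -p tcp --sport "$PORT" -m conntrack --ctstate ESTABLISHED -j ACCEPT
}

case "${1-}" in
    --apply) hairpin_nat_rules | sh -e ;;   # needs root and iptables
    *)       hairpin_nat_rules ;;           # dry run: show what would be added
esac
```

The price of the SNAT is that the server no longer sees the real LAN client address for hairpinned connections, only the firewall's; restricting the rule to `-s $LAN_NET -d $SERVER_ADDR` keeps that loss confined to the same-LAN path, while connections from the outside and from the other LANs are still DNATed without source rewriting. In FireHOL the POSTROUTING rule is expressed with its `snat to` helper alongside the existing `dnat to` rule.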

