[Ferm] NAT network not able to reach outside IP of NAT server.

Max Kellermann max at duempel.org
Wed Mar 16 23:11:52 CET 2011


On 2011/03/16 23:10, Eivind Aksland <eaksland at hotmail.com> wrote:
> This makes my server accessible from the internet. But if I try to
> reach my server from one of my NAT'ed interfaces I don't get any
> response via https://test.foo.no.

Yes, you get a response, but not the one you're expecting.

Say, 172.27.1.42 connects to your external IP on port 443.  The router
rewrites the destination IP to 172.27.1.122, and retransmits the
modified packet in $public_if.  Now: src=172.27.1.42,
dst=172.27.1.122.

172.27.1.122 receives the packet, coming from 172.27.1.42.  It sends
the response to 172.27.1.42.

172.27.1.42 gets a packet from 172.27.1.122, but it doesn't know what
to do with it.  It doesn't know 172.27.1.122, it only knows your
external IP.

What you need is SNAT, so response packets are routed through your
internet router.

(That problem is not specific to ferm)

Max
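
The packet flow described in the message above, modelled as an added example that is not part of the original post: a small Python simulation of the router's DNAT, the optional SNAT for LAN-to-LAN traffic, and the client's check of the reply's addresses. The external IP, the router's LAN address and the client source port are constructed placeholders; only 172.27.1.42, 172.27.1.122 and port 443 come from the thread.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed placeholders (not from the post): EXT_IP, ROUTER_LAN, port 40000.
EXT_IP, ROUTER_LAN = "203.0.113.10", "172.27.1.1"
CLIENT, SERVER = "172.27.1.42", "172.27.1.122"


class Router:
    """Minimal NAT model: DNAT on the way in, optional SNAT on the way out."""

    def __init__(self, hairpin_snat):
        self.hairpin_snat = hairpin_snat
        self.conntrack = {}  # reply as sent by server -> reply as client must see it

    def forward(self, pkt):
        out = pkt
        if pkt.dst == EXT_IP and pkt.dport == 443:    # PREROUTING: DNAT
            out = out._replace(dst=SERVER)
        if self.hairpin_snat and out.dst == SERVER:   # POSTROUTING: SNAT
            out = out._replace(src=ROUTER_LAN)
        reply_in = Packet(out.dst, out.dport, out.src, out.sport)
        self.conntrack[reply_in] = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return out

    def translate_reply(self, pkt):
        # Reverse both translations for a tracked connection, else None.
        return self.conntrack.get(pkt)


def hairpin(hairpin_snat):
    """Return (reply as seen by the client, whether the client accepts it)."""
    router = Router(hairpin_snat)
    syn = Packet(CLIENT, 40000, EXT_IP, 443)
    expected = Packet(EXT_IP, 443, CLIENT, 40000)  # only tuple the socket accepts
    at_server = router.forward(syn)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    if reply.dst == CLIENT:
        seen = reply  # same subnet: delivered directly, never passes the router
    else:
        seen = router.translate_reply(reply)  # via router: NAT is undone
    return seen, seen == expected


if __name__ == "__main__":
    for snat in (False, True):
        seen, accepted = hairpin(snat)
        print(f"SNAT={snat}: client sees {seen.src}:{seen.sport}, accepted={accepted}")
```

Without SNAT the reply reaches the client with source 172.27.1.122 and matches no open connection; with SNAT the server answers the router, which restores the external IP as the source before handing the reply back.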

