Fri, 27 Jul 2001 11:37:55 +0200
Yesterday, i made a post to this list about strange DNAT Problems.
Because there came no answer, i took a sniffer and tracked the ip flow
through our network
and found something interesting.
The Problem was :
DNAT worked fine from the Internet (external) , but if a request came from
the internal Network ,
the Translation Failed.
If the IP request comes from the Internet (external), then DNAT worked
perfectly all the time -->
tcpdump on the NAT Server :
timestamp . SOURCE IP.PORT -> NAT_SERVER.IP.PORT
tcpdump on the Web Server :
timestamp. SOURCE.IP.PORT -> WWW.SERVER.IP.PORT
if the Request comes from my private Network, the tcpdump was like :
timestamp. CLIENT.IP.PORT -> NAT_SERVER_PORT.
I tried to put the DNAT Rule to the OUTPUT Nat Chain, but the packet never
passed this one (its for lokal routing
purpose only i think).
And if i had a look to the packet Counter of the PREROUTING Chain, the
Packet definitively passed the PREROUTING DNAT Rule,
but the Packet could never come back, because of the wrong dest.ip Address.
So i took the rinetd Package from boutell and look : Prefect Port forwarding
without any Problems (internal and external)
any ideas ?
Intel Certified Integration Specialist Networking
Netzwerksysteme / Firewalls
Bricks Core Development