[Firewall] Self-connect possible?

Roland Haeder r.haeder at gmx.de
Fri Mar 19 18:09:08 CET 2010


> From your webserver machine, what IP do you get when you ping the
> fully qualified name?  It should resolve to the internal IP address
> (192.168.x.x) and not the external one.
There is no webserver here. :) All is from my ISP's dynamic IP. So
here is my network configuration: (very simple, BTW)

  - eth0 <-> ppp0 = eth0 is the hardware device of the ADSL "modem",
ppp0 has public IP 
  - eth1 = Internal network device (default NIC) with IP

  - eth0 = Internet network device with IP via DHCP from

The DNS server for "quix0r" is where dnsmasq is running on.
The program in question (YaCy) runs on "quix0r". Therefore I have
IP-masquerading to route traffic from

But the program, listening on TCP port 8080, runs on "quix0r", therefore
I need something (still secure because "quix0r" is my desktop system)
which routes traffic from *Internet_here*->"firebox"->"quix0r".

> If you get the external IP then it is not really a firewall issue
> (well, you can have a kludge in the router's rules to work around the
> NAT issue, but it is not IMO the best solution).
See above, I'm not a pro in this. :/

