[Firewall] Self-connect possible?

Roland Haeder r.haeder at gmx.de
Fri Mar 19 18:09:08 CET 2010


Hi,


> From your webserver machine, what IP do you get when you ping the
> fully qualified name?  It should resolve to the internal IP address
> (192.168.x.x) and not the external one.
There is no webserver here. :) All is from my ISP's dynamic IP. So
here is my network configuration: (very simple, BTW)

firebox:
  - eth0 <-> ppp0 = eth0 is the hardware device of the ADSL "modem",
    ppp0 has public IP
  - eth1 = Internal network device (default NIC) with IP 192.168.1.1

quix0r:
  - eth0 = Internet network device with IP 192.168.1.17 via DHCP from
    firebox

The DNS server for "quix0r" is 192.168.1.1, where dnsmasq is running.
The program in question (YaCy) runs on "quix0r". Therefore I have
IP-masquerading to route traffic from
"quix0r"->"firebox"->*Internet_here*.

But the program, listening on TCP port 8080, runs on "quix0r", therefore
I need something (still secure because "quix0r" is my desktop system)
which routes traffic from *Internet_here*->"firebox"->"quix0r".

> If you get the external IP then it is not really a firewall issue
> (well, you can have a kludge in the router's rules to work around the
> NAT issue, but it is not IMO the best solution).
See above, I'm not a pro in this. :/

Thanks,
Roland
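
An added example (not part of the original message and not the list's firewall project's own configuration): plain iptables rules for the topology described above, forwarding only TCP 8080 to "quix0r", plus the hairpin rules a LAN host needs to reach the service through the public IP. The /24 netmask and the 203.0.113.10 public address are assumptions, the function names are hypothetical, and the script prints the rules for review rather than applying them.

```shell
#!/bin/sh
# Added example. Interface names, addresses and port come from the message;
# everything marked "assumption" or "placeholder" does not.
WAN_IF=ppp0             # public side of "firebox"
LAN_IF=eth1             # internal side of "firebox" (192.168.1.1)
LAN_NET=192.168.1.0/24  # assumption: /24 netmask is not stated in the message
TARGET=192.168.1.17     # "quix0r"; a DHCP lease, so pin it to keep the rule valid
PORT=8080               # TCP port the program listens on

# Inbound forward, limited to one port and one host (hypothetical helper name).
forward_rules() {
    # Rewrite the destination only for TCP 8080 arriving on the WAN interface.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $PORT -j DNAT --to-destination $TARGET:$PORT"
    # Allow only new connections for that flow through FORWARD.
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $TARGET --dport $PORT -m conntrack --ctstate NEW -j ACCEPT"
    # Allow the replies of connections that were accepted above.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Hairpin (self-connect) rules; $1 is the current public IP of ppp0.
# With a dynamic IP these must be regenerated whenever the address changes.
hairpin_rules() {
    pub_ip=$1
    # LAN clients addressing the public IP are redirected to the internal host.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $pub_ip -p tcp --dport $PORT -j DNAT --to-destination $TARGET:$PORT"
    # Permit the packet to be forwarded back out of the same interface.
    echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $TARGET -p tcp --dport $PORT -j ACCEPT"
    # Source-NAT so the reply returns via firebox instead of going direct.
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $TARGET -p tcp --dport $PORT -j MASQUERADE"
}

forward_rules
hairpin_rules 203.0.113.10   # placeholder public IP (documentation range)
```

If the name the program uses resolves to 192.168.1.17 inside the LAN (the approach suggested in the quoted reply), the hairpin rules are not needed and only `forward_rules` applies.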
