[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Date: Thu, 1 Mar 2001 08:12:04 -0000
T, You cannot connect to a devices externally NATed address unless you are on a seperate subnet/dmz. By rule of thumb, a router/firewall does not allow a packet to enter and be routed to a different subnet and exit the same interface in which it came in on. You can add an additional network card and create new dmz and put these device on there. Hope this helps -----Original Message----- From: Tony Wong [mailto:[email protected]] Sent: Wednesday, February 28, 2001 7:56 PM To: [email protected] Subject: [FW1] cannot connect to public address We recently moved to usiing NAT on our firewall: Private range: 192.168.0.0 -- 192.168.0.1- 192.168.0.100 for servers switches etc DHCP: 192.168.0.101 - 254 DHCP clients We have internal web servers and mail server with FQDNs that outside can access no problems by its static NAT public address. Problem is internal client cannot connect to these public (statically natted) ip addresses within the local network. They can connect to it with the private address. The only fix I have so far is by putting host files in their machines so that the web and mail servers gets resolved to the private ip address. Also using internal DNS. Question is why are these internal clients not being able to access the public ip address of the web server. I cannot ping this web server by its public ip address. I can ping the firewall both internal and public ip address. Yes the web server's statically nated address is in the same subnet as the firewall's external ip. Thanks > Shane Colombo, Senior Engineer, [email protected] > C&C Technology, +44 1256 897544, www.cctechnology.co.uk > This message is intended only for the use of the person(s) ("the intended recipient(s)") to whom it is addressed. It may contain information which is privileged and confidential within the meaning of applicable law. If you are not the intended recipient, please contact the sender as soon as possible, and then delete it from your system; you should not copy the message or disclose its contents to anyone. The views expressed in this communication may not necessarily be the views held by The Roystan Group of Companies. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|