That's right. You can't. It's supposed to be that way.

I'm not completely sure, but I think this is what happens:

web1 (private addr) pings web2 (public addr)
fw translates this to: web1 (private addr) pings web2 (private addr)
web2 (private addr) replies to web1 (private addr)
web1 expects an answer from web2 (public addr), so it just ignores that reply.

You have two possible solutions:

1. Set up DNS records so that these servers always use the internal addresses.
2. Add a NAT rule on top of the "public" address NAT rules that says DMZ to DMZ --> orig orig, to avoid any NAT happening at all.

Cheers,
Anders
:)
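As an added illustration (not code from Anders or anyone else in this thread), here is a small Python model of the packet flow described above. Two DMZ hosts share a subnet, web2 has a static NAT to a public address on the firewall, and web1 pings the public address. The model shows why web1 drops the reply (the reply comes straight back from web2's private address and never passes the firewall, so its source address does not match what web1 sent to), and that the internal-DNS option fixes it. It also models hairpin NAT on the firewall (rewriting the source as well as the destination so the reply is forced back through the firewall), which goes beyond the two options in the post and is shown only as the general firewall-side alternative. All addresses, host names and the DNS table are made up.

```python
"""Toy model of the DMZ-to-DMZ NAT problem described in the post above.

Constructed example, not code from the thread. All addresses, the DNS
table and the host names are made up for illustration.
"""
from dataclasses import dataclass

WEB1_PRIV = "10.0.1.10"      # assumed DMZ address of web1
WEB2_PRIV = "10.0.1.20"      # assumed DMZ address of web2
WEB2_PUB = "203.0.113.20"    # assumed public (static NAT) address of web2
FW_DMZ = "10.0.1.1"          # assumed firewall address on the DMZ
DMZ_PREFIX = "10.0.1."       # crude subnet test: same subnet = delivered directly

STATIC_NAT = {WEB2_PUB: WEB2_PRIV}   # public -> private, as configured on the fw

# Solution 1 from the post: split DNS, internal clients get internal addresses.
DNS = {"web2": {"internal": WEB2_PRIV, "external": WEB2_PUB}}


def resolve(name: str, internal: bool) -> str:
    return DNS[name]["internal" if internal else "external"]


def is_dmz(addr: str) -> bool:
    return addr.startswith(DMZ_PREFIX)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    echo_id: int    # ICMP echo identifier; stands in for the flow key


class Firewall:
    """Destination NAT as the post describes it. With hairpin=True the fw
    also rewrites the source to its own DMZ address, so web2's reply is
    addressed to the firewall and can be un-translated on the way back."""

    def __init__(self, hairpin: bool = False):
        self.hairpin = hairpin
        self.conns = {}   # echo_id -> (original src, original dst)

    def forward(self, pkt: Packet) -> Packet:
        if pkt.dst not in STATIC_NAT:
            return pkt                          # no NAT rule matches
        private_dst = STATIC_NAT[pkt.dst]
        if self.hairpin and is_dmz(pkt.src):
            self.conns[pkt.echo_id] = (pkt.src, pkt.dst)
            return Packet(FW_DMZ, private_dst, pkt.echo_id)
        return Packet(pkt.src, private_dst, pkt.echo_id)   # dst NAT only

    def reverse(self, reply: Packet) -> Packet:
        orig = self.conns.get(reply.echo_id)
        if orig is None:
            return reply
        orig_src, orig_dst = orig
        return Packet(orig_dst, orig_src, reply.echo_id)   # public addr as src again


def ping(target: str, hairpin: bool = False) -> bool:
    """web1 pings `target`; True if web1 accepts the echo reply."""
    fw = Firewall(hairpin)
    request = Packet(WEB1_PRIV, target, echo_id=1)
    expected = (target, WEB1_PRIV)   # web1 only accepts a reply from the address it pinged

    # A destination on web1's own subnet is delivered directly; the
    # firewall only sees traffic that has to be routed.
    on_wire = request if is_dmz(target) else fw.forward(request)

    # web2 answers from its private address to whatever source it saw.
    reply = Packet(on_wire.dst, on_wire.src, echo_id=1)

    # The reply only passes the firewall if it is addressed to the firewall.
    if reply.dst == FW_DMZ:
        reply = fw.reverse(reply)

    return (reply.src, reply.dst) == expected


if __name__ == "__main__":
    print("public address, dst NAT only:", ping(WEB2_PUB))                 # False
    print("internal DNS (solution 1):   ", ping(resolve("web2", True)))   # True
    print("hairpin NAT on the firewall: ", ping(WEB2_PUB, hairpin=True))  # True
```

The failing case is the one in the post: the request is destination-translated, but the reply is delivered on the shared subnet without touching the firewall, so nothing ever puts the public address back as source. Either keeping DMZ hosts on internal names or making the firewall translate the source too removes the asymmetry.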