I am trying to understand why my machines on the internal network with internal IP addresses 192.168.0.X cannot ping the public addresses of the statically NATed machines that are also on the same internal network and subnet. Static NAT is set up on the firewall itself, which has 2 NICs.
Outside hosts can access these static NATed servers with no problems; the problem is pinging these servers from the internal network.
E.g. 192.168.0.5 cannot ping public IP address 1.2.3.4, which is the public address of 192.168.0.10. 192.168.0.5 can, however, ping 192.168.0.10.
Halfway down the page it talks about rules being reversed, and that is exactly how my rules are set up. Here is part of it:
   Orig. Source                   Orig. Destination              Orig. Service  Translated Source              Translated Destination         Translated Service
1. Local-Net                      Local-Net                      ANY            =orig                          =orig                          =orig
2. Local-Net                      Any                            Any            fw-public-ip (Hide)            =orig                          =orig
3. 192.168.0.10 (server private)  ANY                            ANY            1.2.3.4 (server public)        =orig
4. ANY                            1.2.3.4 (server public)        ANY            =orig                          192.168.0.10 (server private)  =orig
So if 192.168.0.2 pings 1.2.3.4, it is actually rule 2 that will come into play. The source IP will change to that of the firewall external IP (1.2.3.1). The destination will stay the same. So it is actually 1.2.3.1 pinging 1.2.3.4.
Now I am confused about the reply packet. It needs to reply back to 192.168.0.5. What rule will make that happen?
Or is it possible to get the reply packet back to the private host that originated the packet?
Thank you
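A small first-match simulation of the four NAT rules quoted in the post, written as an added example (not part of the original post or of any vendor's code). Local-Net as 192.168.0.0/24, the firewall external address 1.2.3.1 and the server pair 192.168.0.10 / 1.2.3.4 are taken from the post; the connection table that reverses the translation for reply packets is the generic stateful-firewall model, not a specific product's implementation.

```python
import ipaddress

# Constructed values taken from the post: Local-Net is the 192.168.0.X LAN,
# 1.2.3.1 is the firewall's external address, 1.2.3.4 is the server's public address.
LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")
FW_PUBLIC = "1.2.3.1"

# (orig src, orig dst, translated src, translated dst); None means "=orig".
RULES = [
    (LOCAL_NET, LOCAL_NET, None, None),        # 1: LAN to LAN, no translation
    (LOCAL_NET, "Any", FW_PUBLIC, None),        # 2: hide LAN behind fw-public-ip
    ("192.168.0.10", "Any", "1.2.3.4", None),   # 3: static NAT, server outbound
    ("Any", "1.2.3.4", None, "192.168.0.10"),   # 4: static NAT, server inbound
]


def matches(field, addr):
    """Does a rule cell (Any, a network, or a single address) match addr?"""
    if field == "Any":
        return True
    if isinstance(field, ipaddress.IPv4Network):
        return ipaddress.ip_address(addr) in field
    return field == addr


def translate(src, dst):
    """First-match lookup: returns (rule number, translated src, translated dst)."""
    for num, (m_src, m_dst, x_src, x_dst) in enumerate(RULES, start=1):
        if matches(m_src, src) and matches(m_dst, dst):
            return num, x_src or src, x_dst or dst
    return 0, src, dst  # no rule matched: packet passes untranslated


def open_connection(conn_table, src, dst):
    """Translate a request and record the reverse mapping its reply must hit."""
    rule, x_src, x_dst = translate(src, dst)
    # A reply arrives as (x_dst -> x_src) and is rewritten to (dst -> src);
    # no NAT rule is consulted for it, only this table entry.
    conn_table[(x_dst, x_src)] = (dst, src)
    return rule, x_src, x_dst


def untranslate_reply(conn_table, reply_src, reply_dst):
    """Reverse the translation via the connection table; None if no entry matches."""
    return conn_table.get((reply_src, reply_dst))
```

Tracing 192.168.0.5 pinging 1.2.3.4 through `open_connection` shows rule 2 firing with the destination left at 1.2.3.4, and the table then only recognises a reply sourced from 1.2.3.4, not one from 192.168.0.10.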