[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] NAT / DMZ / Webservers / Routing?
Check to see if your firewall sends icmp-redirects. Basically, if icmp-redirects is on then your firewall sees a packet come from your webserver to the external address which your firewall realizes nats back to an address that should be locally routable by the webserver and sends back a redirect to the webserver w/ the external address redirected. This can confuse the webserver. See if turning off icmp-redirects on your firewall helps. Kevin Martin Bank of America [email protected] -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Thursday, June 21, 2001 12:38 PM To: [email protected] Subject: [FW1] NAT / DMZ / Webservers / Routing? Got a problem thats making me Crazy!! Not sure if it behavior by design or user error. FW-1 machine with 3 nic interfaces.... 1. external to the internet (external IP) 2. DMZ (192.168.0.x) 3. LAN (192.168.1.x) Natting the external IP's to several diff Internal webservers and IP's in the DMZ Webservers are serving up pages with the correct external IP's "LAN" and "External" can see websites OK. BUT....WebServer1 cannot see its own pages or WebServer2's pages when using the external IP's. Same behavior with WebServer2. Internal IP's work correctly. TraceRT on the external IP's from the webservers, stop cold at the firewall machine. I don't see any indication the firewall is blocking, assume its a routing or nat limitation. Please....any ideas? Internet ******** | | external IP | ----------- | | | | DMZ (192.168.0.X) | FW-1 |--------------|WEB SERVER 1 | | |WEB SERVER 2 | | ----------- | | ******* Office LAN DMZ (192.168.1.x) Thank You, Jeff Metcalfe [email protected] ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|