
List:       openbsd-pf
Subject:    Re: PF-newbie Q: Outgoing coming in ?
From:       Daniel Hartmeier <daniel () benzedrine ! cx>
Date:       2002-08-25 17:38:02

On Sun, Aug 25, 2002 at 06:43:23PM +0200, Anders Jarnberg wrote:

> When I try to go to my dyndns address I get a connection refused. But
> if I try to go to the same address via www.anonymizer.com it works, so
> I'm figuring my own firewall is doing something to stop me.

I assume you mean that when you try to connect to port 80 of the
firewall from within your local network, the connection doesn't get
forwarded to the web server.

From the -current man page:

 "Note that all translation rules apply only to packets that pass
  through the specified interface.  For instance, redirecting port
  80 on an external interface to an internal web server will only
  work for connections originating from the outside.  Connections
  to the address of the external interface from local hosts will
  not be redirected, since such packets do not actually pass through
  the external interface.  Redirections can't reflect packets back
  through the interface they arrive on, they can only be redirected
  to hosts connected to different interfaces or to the firewall itself."

You could make the name server reply with the internal address for
queries about the web server name that come from the internal net
(search for 'split horizon dns' on google), or use a proxy/bouncer that
can reflect the connections back into the LAN.

Daniel
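
Added example, not part of the original message and not pf code: a small Python model of the behaviour the man page excerpt describes, plus the split-horizon DNS workaround. The addresses, the name `www.example.org`, the interface labels and the assumption that the firewall itself has no listener on port 80 are all constructed for illustration.

```python
"""Model: rdr rules match only on the interface a packet arrives on."""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network

EXT_ADDR = ip_address("203.0.113.1")   # firewall's external address (constructed)
WEB_SRV = ip_address("192.168.1.10")   # internal web server (constructed)
LAN = ip_network("192.168.1.0/24")     # internal network (constructed)

@dataclass(frozen=True)
class Rdr:
    iface: str            # interface the translation rule is bound to
    dst: IPv4Address      # destination address the rule matches
    dport: int            # destination port the rule matches
    target: IPv4Address   # host the connection is redirected to

# One redirection, bound to the external interface only.
RULES = [Rdr("ext_if", EXT_ADDR, 80, WEB_SRV)]

# name -> (answer for outside clients, answer for LAN clients)
ZONE = {"www.example.org": (EXT_ADDR, WEB_SRV)}

def arrival_iface(src):
    """LAN hosts reach the firewall on int_if, everyone else on ext_if."""
    return "int_if" if src in LAN else "ext_if"

def translate(src, dst, dport):
    """Apply only the rules bound to the interface the packet arrives on."""
    iface = arrival_iface(src)
    for rule in RULES:
        if rule.iface == iface and rule.dst == dst and rule.dport == dport:
            return rule.target
    return dst  # no rule matched: destination is unchanged

def resolve(name, client, split_horizon):
    """With split horizon, LAN clients get the internal address."""
    external, internal = ZONE[name]
    return internal if split_horizon and client in LAN else external

def connect(client, split_horizon=False, dport=80):
    """Return what happens to a connection to www.example.org."""
    client = ip_address(client)
    dst = resolve("www.example.org", client, split_horizon)
    if client in LAN and dst in LAN:
        return f"direct to {dst}, firewall not in path"
    final = translate(client, dst, dport)
    if final == EXT_ADDR:  # assumption: nothing listens on the firewall's port 80
        return "delivered to firewall itself: connection refused"
    return f"redirected to {final}"
```
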
