[SATLUG] Internal External Firewall using same url/ip address

Dave dave at coverstreet.com
Wed Mar 3 22:02:10 CST 2004

On Wed, 2004-03-03 at 18:30, Jaret Pfluger wrote:
> Hello all,
> Here's a problem that has been plaguing me for some time now. Any advice
> would be appreciated.
> Network diagram:
>              eth0 -
>                     (www.testme.com) 
> ------------     -------------    -------    ----------
> | Internet | ----| Firewall  |----| SW1 |----| WebSvr |
> ------------     |           |    -------    ----------
>                  -------------    
>               eth1 -            
> Explanation:
> If I am on the internet outside my firewall, I can connect to my
> webserver using www.testme.com.
> If I am on my internal network INSIDE my firewall, I CANNOT connect to
> my webserver using www.testme.com. But, I can connect to google or yahoo
> or any others.
> What do I need to do to allow me to connect internally using
> www.testme.com AND my ip address? 
> Again, thanks for any advice.
> Jaret

My system does the same thing.  I think it's an issue of the firewall
rules, but I've never really worried to much about it.  

If you send a request from the internal 192.168 network, it goes to the
router's internal NIC, and since it's not for a 192.168 address it gets
forwarded to the external NIC.  The external NIC gets it, sees that it's
for it's own address and says 'hey, why am I getting a request for my
external address from an internal source?  Only external people can ask
for this address, just like only internal people can ask for the
internal address.  I'm sure not redirecting this back to the internal
web server." and so it dumps it.

Or something to that effect.  That's the theory I've been working on for
a while now, and while it may not be completely technically correct (in
which case I'm sure someone will point it out shortly) it's close enough
for me.  I just access the web server by it's internal IP.

I know that probably didn't help much, but hopefully someone'll get you
a good answer here shortly.  


More information about the Satlug mailing list