Mailing List Archive: iptables: User
Communication between internal hosts, using external addresses
 



bryan at virginia

Sep 18, 2007, 9:28 AM



Hi folks,

This is one of those problems where the best solution may
just be "don't do that", but here's my question for what it's
worth:

I have two hosts, "A" and "B", which are both on a private
internal network behind a firewall, and have the addresses
"A.internal" and "B.internal" there. One of the hosts ("B")
is available to the outside world as "B.external", which is
forwarded through the firewall. Both "A" and "B" are masqueraded
through the firewall to the outside world.

Sometimes "A" needs to talk to "B". Obviously, the best
way to do this would be for "A" to, e.g., "ssh B.internal".
This is awkward, though, since from other hosts, outside the
firewall, the command would be "ssh B.external", so it would
be convenient if this address worked internally, too.

Unfortunately, it doesn't. Watching with wireshark, it
appears that the hosts fail to set up a TCP session because of
confusion about addresses. Traffic arriving at "B" appears to
come from "A.internal", so "B" answers directly to this, causing
the reply arriving at "A" to appear to be from "B.internal", which
isn't what "A" was looking for.

I realize I could just fudge the issue by fiddling with
DNS entries or /etc/hosts files, but maintaining that becomes
a hassle.

Can anyone suggest how to make this work transparently?
Do I need to change the masquerading setup so that both internal
and external interfaces are masqueraded? That sounds like it's
asking for trouble.

Thanks in advance,
Bryan
--
========================================================================
Bryan Wright |"If you take cranberries and stew them like
Physics Department | applesauce, they taste much more like prunes
University of Virginia | than rhubarb does." -- Groucho
Charlottesville, VA 22901|
(434) 924-7218 | bryan [at] virginia
========================================================================
