Hello,
I'm currently using ipfw+natd for my firewall. I have some web servers on my local network. They use DynDNS for the web site name(s), using the public IP address I get from my ISP and a dyndns client. This makes it vital to be able to access these web sites from my internal network using the public IP address. This is sometimes referred to as "NAT loopback" (here is a quite good explanation of the issue).
I want to avoid using a split DNS, both to keep the admin / management down (a fancy way of saying "less work"), and also because it is easier to test if a web site "works" if I am using the public IP address (I can see at once if I have messed up a firewall rule, for instance).
How do I get a firewall built on FreeBSD to have "NAT loopback" functionality, so that I can access the web sites on my local network using the public IP address? Preferably with ipfw + natd, if possible.
Note: the web sites work correctly if accessed from another place on the internet. I've just switched to a new ISP; my previous ISP had a router / modem box (ADSL) with this functionality. My new ISP (cable) only provides me with a modem (better in many ways, I don't have to do double NAT anymore).