Orbit

We use no_nat or nat exceptions to achieve the desired result. Their are some circumstance where we NAT exempt the DMZ traffic yet overload the LAN traffic to a DMZ IP, yet in the majority of cases we nat exempt both ways between LAN <--> DMZ <--> Internet.

The design is somewhat based on Cisco IP Addressing Best Practice and DMZ hosts using their actual public IP's https://www.cisco.com/web/about/ciscoitatwork/network_systems/Cisco_IP_Adres.... We also have DMZ's with private IP's with NAT set to public IP's on both inside and outside interfaces to acheive the same result.

Mick

On Thu, Nov 25, 2010 at 9:14 AM, Scott Weeks surfer@mauigateway.com wrote:

--- tbauia@gmail.com wrote: From: Tarau Bauia tbauia@gmail.com

I have a situation that I could not access my own public ip address from my LAN through any protocol http, ftp. I am using NAT server 2003 and open ports and assign some local ips to manage some services like our local mail, extra but the problem when trying to access my local mail with public ip address it always can not be found unless I use it local address.

---

If you're on the inside of the NAT box, you will access the services with the private IPs. If you're "outside" the NAT box, then you'd use the public IP. For example, below, if you're on the workstation you would not use the public IP. But, if you're out on the internet you would use the public IP:

      inside of NAT    |||     outside of NAT

workstation ------- [=== NAT router ===] ------- WAN ------ internet (private IP) (private IP) (public IP)

Did I understand correctly?

scott

---

---

---

---

pacnog mailing list pacnog@pacnog.org http://mailman.apnic.net/mailman/listinfo/pacnog