Author Topic: Why isn't it possible to access NATed services by the public IP address from LAN  (Read 5767 times)
sniffer
« on: November 08, 2005, 02:18:02 pm »

Hi all,
I know I'm not the only one who asks this question.
Do you think this option will one day be available in pfSense?


I looked on the m0n0wall website; they say this option will never be available. Is it the same for pfSense?
"m0n0wall does not (and probably will not) include a "bounce" utility."
Jesse7
« Reply #1 on: November 08, 2005, 02:31:50 pm »

Oh well, at least I am not the only one. Thanks for confirming this for me; now I can stop wasting my time testing my own port forwarding, LOL.
sullrich
« Reply #2 on: November 08, 2005, 03:46:22 pm »

Did you check the FAQ?

http://faq.pfsense.com/index.php?action=artikel&cat=8&id=29&artlang=en


sniffer
« Reply #3 on: November 08, 2005, 04:01:26 pm »

My English is so bad, sorry. I have some difficulty explaining myself.


I read the FAQ a long time ago.
I know I can reach my server through the private IP, but I don't know if it works from the external range.
I have to put up some proxy to see if it's accessible from the outside.

That's why I want to know if some day the bounce option will be available on Packet Filter, or if it's impossible due to the code?

Thanks
sullrich
« Reply #4 on: November 08, 2005, 04:06:30 pm »

> My English is so bad, sorry. I have some difficulty explaining myself.
>
> I read the FAQ a long time ago.
> I know I can reach my server through the private IP, but I don't know if it works from the external range.
> I have to put up some proxy to see if it's accessible from the outside.
>
> That's why I want to know if some day the bounce option will be available on Packet Filter, or if it's impossible due to the code?
>
> Thanks

It's not impossible, yet it's not easy. Take a look at http://www.openbsd.org/faq/pf/rdr.html#reflect

I would happily commit patches if someone creates them, but as we are nearing 1.0 this is not on my priority list.
Jesse7
« Reply #5 on: November 08, 2005, 04:10:02 pm »

Thanks sullrich. I read the entire FAQ about 4 months ago when I was new to pf; I guess I forgot about it.
Cyrandir
« Reply #6 on: November 08, 2005, 07:37:13 pm »

I think this should be included at some point.  I know 1.0 is the priority right now and that's fine, but at some point this would be useful.
Jesse7
« Reply #7 on: November 08, 2005, 07:46:26 pm »

I may be a little confused, but yeah, it would be useful for testing, at least if you don't have access to a separate internet connection.
Sharaz
« Reply #8 on: November 08, 2005, 09:36:56 pm »

I'm not sure why you would access something that is already on your local LAN via its external IP address? (Well, I guess other than for testing.)
dswartz
« Reply #9 on: November 08, 2005, 10:49:11 pm »

Usually because there is one DNS name, and that is for an outside address. Yes, there are ways around this, but they are a hassle.
lsf
« Reply #10 on: November 09, 2005, 04:08:07 am »

Well, this is how NAT works: you can't easily traverse it out and back in. So unless someone writes a patch to accomplish this, I'd say no.
But to say never is a bit strong. Although I would not like my firewall doing this. For testing you should either get someone to test for you, or have a second link (dialup or whatever) to test with.
Another thing is that testing from the inside will never be the same as testing from the outside. Doing so will often give you more grief than you would like.
I know this from learning it the hard way: stuff working on the inside of our network just not when crossing the border gateway, or testing stuff with DNS and using our own DNS in the process.

My vote on this kind of function would be no. It's just another "footshooting feature" in my opinion.
sniffer
« Reply #11 on: November 09, 2005, 09:07:17 am »

> I'm not sure why you would access something that is already on your local LAN via its external IP address? (Well, I guess other than for testing.)

1. To test external DNS
2. To test some rules (the rules are not the same via the LAN NIC and the OPT1 NIC)

But with a proxy it's possible to test it, though you have to search for an active proxy...

Thanks all for your answer
sullrich
« Reply #12 on: November 09, 2005, 11:56:49 am »

> > I'm not sure why you would access something that is already on your local LAN via its external IP address? (Well, I guess other than for testing.)
>
> 1. To test external DNS
> 2. To test some rules (the rules are not the same via the LAN NIC and the OPT1 NIC)
>
> But with a proxy it's possible to test it, though you have to search for an active proxy...
>
> Thanks all for your answers

Has anyone stopped to think of the ramifications of this feature? *ALL* traffic that would have gone to the LAN would be sent *THROUGH* the firewall. What good is that when you could simply run split DNS and keep all traffic *LOCAL*?
sniffer
« Reply #13 on: November 09, 2005, 01:29:44 pm »



Yeah, but a modified /etc/hosts doesn't prove that the external DynDNS is OK.
And it doesn't prove that the firewall ruleset is OK for reaching the web server in the DMZ via the WAN interface...


If I understand what you're telling me (I'm very bad at English).
sullrich
« Reply #14 on: November 09, 2005, 01:34:00 pm »



> Yeah, but a modified /etc/hosts doesn't prove that the external DynDNS is OK.
> And it doesn't prove that the firewall ruleset is OK for reaching the web server in the DMZ via the WAN interface...
>
> If I understand what you're telling me (I'm very bad at English).

Use the DNS forwarder to override hosts, not /etc/hosts. This is the same as m0n0wall. Check their docs for more information.
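The "reflection" recipe sullrich points to in reply #4, written out as an added example so the two approaches argued over in this thread (reflecting LAN connections through the firewall versus split DNS) can be compared. This is not pfSense's own generated ruleset and not the OpenBSD FAQ text; it uses the old rdr/nat syntax that FreeBSD and pfSense 1.x used, and every name and address is assumed: fxp0 is WAN, xl0 is LAN, 192.0.2.1 (documentation range) is the public address, 192.168.1.0/24 is the LAN and 192.168.1.20 is the internal web server.

```pf
# Added example, not pfSense's own generated rules. Pre-4.7 pf syntax
# (rdr and nat as separate translation rules), as used by FreeBSD/pfSense 1.x.
# Assumed names and addresses: fxp0 = WAN, xl0 = LAN, 192.0.2.1 = public
# address (documentation range), 192.168.1.0/24 = LAN, 192.168.1.20 = web server.
ext_if   = "fxp0"
int_if   = "xl0"
ext_addr = "192.0.2.1"
server   = "192.168.1.20"

# 1. The ordinary port forward: Internet -> server. This is the only rule the
#    pfSense Port Forward page creates, and it matches on $ext_if only, which is
#    why a LAN client connecting to 192.0.2.1:80 gets nothing.
rdr on $ext_if proto tcp from any to $ext_addr port 80 -> $server port 80

# 2. Reflection: redirect LAN clients that connect to the *public* address too.
rdr on $int_if proto tcp from $int_if:network to $ext_addr port 80 -> $server port 80

# 3. Source-NAT those reflected connections to the firewall's LAN address.
#    Client and server share a subnet, so without this the server would answer
#    the client directly: the client opened a connection to 192.0.2.1 and would
#    receive a SYN-ACK from 192.168.1.20, which its stack discards. The cost is
#    the "ramification" sullrich raises: every reflected connection is carried by
#    the firewall, and the server logs the firewall's address as the client.
no nat on $int_if proto tcp from $int_if to $server port 80
nat on $int_if proto tcp from $int_if:network to $server port 80 -> $int_if

# Filter rules are evaluated against the post-translation address, so the
# redirected traffic still has to be passed (assumes a default-deny policy).
pass in on $ext_if proto tcp from any to $server port 80 flags S/SA keep state
pass in on $int_if proto tcp from $int_if:network to $server port 80 flags S/SA keep state
```

Two checks worth keeping in mind. First, as lsf and sullrich both say, a reflected connection only exercises rules 2 and 3 on the LAN side; it never touches rule 1, the WAN filter rules or the public DNS record, so it does not validate the path an outside client actually takes. Second, the split-DNS alternative from replies #12 and #14 needs none of the translation rules above: a host override in the pfSense DNS forwarder (dnsmasq-based in pfSense 1.x, where the equivalent raw directive would be `address=/www.example.com/192.168.1.20`, name assumed) answers the public hostname with 192.168.1.20 for LAN clients, so the connection stays on the LAN and the server sees the real client address.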