

What you are trying to do generally won't work without reconfiguration on the firewall/NAT device.

The traffic flow for your current setup would basically go as follows (using example IPs):

1. Internal client sends traffic to default gateway/firewall.
2. Firewall has a rule that sends port 21 traffic to 10.0.0.1 and sends the traffic to 10.0.0.1 with a true source address of the client IP (10.0.0.100).
3. FTP server sends response back directly to 10.0.0.100 with source address 10.0.0.1 and never goes back out the firewall since it sees the local source address.
4. Internal client is expecting FTP traffic to come back with source 1.2.3.4 and discards the response from 10.0.0.1.

You would need to set up or enable a hairpin NAT rule (or NAT reflection, or other various terms depending on the manufacturer) on the firewall in order to establish the NAT session to the external interface before having the traffic come back in. The Comcast device may have an option to enable NAT reflection, but not having worked with them before, I can't say for certain if they do or not.

The real question is why are you trying to do it this way? If you're just trying to test, then use a true external client (either have a friend test or set up an external client). If you're trying to do it this way moving forward, then just go directly using IP or a split-DNS solution.
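The four-step flow from the answer above, as an added example that is not part of the original post: a small Python model of the port forward with and without a hairpin (NAT reflection) rule, plus the "go direct by IP or split DNS" alternative. It uses the post's addresses (1.2.3.4, 10.0.0.1, 10.0.0.100); the firewall's LAN-side address 10.0.0.254 and the nftables rules quoted in the comments are assumptions, since the post names neither.

```python
"""Added example (not from the original post): model of why an internal
client's connection to the public IP fails without hairpin NAT.

Addresses from the post: public IP 1.2.3.4, FTP server 10.0.0.1,
internal client 10.0.0.100. The firewall's LAN address 10.0.0.254 is an
assumption; the post does not name one.
"""
from dataclasses import dataclass

PUBLIC_IP = "1.2.3.4"
FTP_SERVER = "10.0.0.1"
CLIENT = "10.0.0.100"
FIREWALL_LAN = "10.0.0.254"   # assumed LAN address of the firewall/NAT device
FTP_PORT = 21


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


class Firewall:
    """Port forward for tcp/21 to the FTP server, with optional hairpin NAT.

    Roughly what an nftables ruleset would express as (illustrative, assumed):
      prerouting:  ip daddr 1.2.3.4 tcp dport 21 dnat to 10.0.0.1
      postrouting: iifname "lan" ip daddr 10.0.0.1 tcp dport 21 snat to 10.0.0.254
    The second rule is the hairpin / NAT-reflection part.
    """

    def __init__(self, hairpin: bool):
        self.hairpin = hairpin
        self.conntrack = {}   # translated (src, dst) -> original (src, dst)

    def outbound(self, pkt: Packet):
        """Client -> firewall. Returns the packet as delivered onto the LAN."""
        if pkt.dst != PUBLIC_IP or pkt.dport != FTP_PORT:
            return None                       # no forward rule matches
        new_src = FIREWALL_LAN if self.hairpin else pkt.src
        translated = Packet(new_src, FTP_SERVER, pkt.dport)
        self.conntrack[(translated.src, translated.dst)] = (pkt.src, pkt.dst)
        return translated

    def inbound_reply(self, reply: Packet) -> Packet:
        """Server -> firewall. Reverses the NAT using the conntrack entry."""
        key = (reply.dst, reply.src)          # a reply flips src and dst
        orig_src, orig_dst = self.conntrack[key]
        return Packet(orig_dst, orig_src, reply.dport)


def server_reply(pkt: Packet) -> Packet:
    """Step 3: the FTP server answers whatever source address it saw."""
    return Packet(FTP_SERVER, pkt.src, pkt.dport)


def deliver_reply(reply: Packet, fw: Firewall) -> Packet:
    """A reply addressed to a host on the same subnet goes straight to it;
    only a reply addressed to the firewall passes back through the NAT."""
    if reply.dst == FIREWALL_LAN:
        return fw.inbound_reply(reply)
    return reply                              # firewall never sees it


def client_accepts(reply: Packet, expected_src: str) -> bool:
    """Step 4: the client only accepts a reply from the address it talked to."""
    return reply.src == expected_src


def simulate(hairpin: bool) -> dict:
    fw = Firewall(hairpin)
    request = Packet(CLIENT, PUBLIC_IP, FTP_PORT)            # step 1
    to_server = fw.outbound(request)                          # step 2
    reply = server_reply(to_server)                           # step 3
    seen_by_client = deliver_reply(reply, fw)
    return {
        "server_saw_src": to_server.src,
        "reply_src_seen_by_client": seen_by_client.src,
        "accepted": client_accepts(seen_by_client, PUBLIC_IP),  # step 4
    }


def simulate_direct() -> bool:
    """The alternative the answer suggests: reach 10.0.0.1 directly
    (by IP, or via split DNS), so no NAT is involved at all."""
    request = Packet(CLIENT, FTP_SERVER, FTP_PORT)
    reply = server_reply(request)
    return client_accepts(reply, FTP_SERVER)


if __name__ == "__main__":
    print("no hairpin :", simulate(False))
    print("hairpin    :", simulate(True))
    print("direct / split-DNS works:", simulate_direct())
```

Running it shows the reply arriving at the client from 10.0.0.1 and being discarded in the no-hairpin case, and from 1.2.3.4 (accepted) once the firewall rewrites the source. Note the side effect of the hairpin SNAT in `server_saw_src`: the server sees the firewall's LAN address instead of 10.0.0.100, so its logs no longer show the real internal client, which is one reason the direct-IP or split-DNS route is usually preferable.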
