Goal:
Make my optional network communicate with a web server on the trusted network.
Problem:
I have a static NAT rule in place that forwards incoming packets, destined for port 80 and the specific IP 199.x.x.x, to an internal web server on the "trusted" interface. I've just come into the job and eventually the server will end up on the optional interface of course, but that is outside of this question.
What I really need help with is connecting to this site from an internal computer. As it stands, anyone on the net can hit the website just fine. But when I try to hit the site from either the trusted or optional network, I get ACK RST packets back and the connection dies.
  --------------------------
  -       Watchguard       -
  --------------------------
    -         -          -
    -         -          -
    -         -          -
    -         -          -
199.x.x.x  10.x.x.x  172.x.x.x
external   trusted   optional
These are my three interfaces. Right now 199.x.x.55 ---> 10.x.x.52, and I poke through just fine from anywhere but internally. I'm on the 172.x.x.x network and am trying to access the website via its 199.x.x.55 IP, and that is where I get the page error (ACK RST according to Ethereal). Shouldn't this operate exactly the same way an external client operates, since I'm referencing the site via its external IP? All I can think of is that there is something different going on internally than I think, since all three networks are directly connected.