Alspa
asked on
Nat U-Turn - Netscreen N50
Hey Everyone,
I was wondering if anyone knows how to enable NAT U-turn on a Juniper Netscreen Firewall.
Pretty much I have a web server that is behind the firewall and accessible via Port Forwarding. It works from outside http://www.abcxyz.com and it works internally via the private address, but it does not work internally if you try to access the outside interface of the firewall (via Public IP) and try to U-Turn back in.
I know the solution to this can also be achieved via internal DNS hacking (Host File or internal DNS Server), but I believe there is also a way to do this via Dynamic NAT and specific firewall policies.
Thanks in advance.
Qlemo - I would think if that were the case then the author would be pulling up the management interface for the Netscreen rather than getting an error when attempting to access the website via its external IP. That being said, I can by no means rule out a strange condition caused by a port collision as you suggest ;-)
Cheers,
-Jon
No, the management interface is NOT coming up, the port is nevertheless reserved. You have to do more, like allowing WebUI on Untrust, but that is not all, and I don't know. When I tried, I just got nothing. It is not that simple hence to disprove my assumption.
"It is not that simple hence to disprove my assumption."
I agree completely, hence my comment "I can by no means rule out a strange condition caused by a port collision as you suggest"
Cheers,
-Jon
ASKER
Thanks guys.
The--Captain: Very nice article. Very informative.
Qlemo: Thanks for rule info for the Netscreen.
The--Captain: The 2 terms I have heard that describe this are NAT U-Turn and Pinturning, but I think Pinturning refers more to VPN configs and VOIP, when you have multiple IP phones behind a firewall that talk to a VOIP switch outside the network and are behind a NAT device.
Thanks again guys.
You're the first person I've heard use that nomenclature, but if it's a common term I will certainly add it to the article tags so that it can be found more easily in future searches.
Cheers,
-Jon