I have a question for the experts!
I host the domain jcghome.com here at the home office. Previously I had normal Comcast "residential" service, where TMG's WAN IP was the public IP from Comcast. No problems accessing jcghome.com from the internal network "out" and then "back" with that setup.
With their business class service, they set you up with a gateway box... which basically results in double NATting. Anyways, now nobody on the internal network can access jcghome.com (going "out" and coming back "in"). Accessing everything from outside is fine.
Here's the setup:
Public IP (DHCP)
<Comcast Business Class Gateway>
10.1.10.1 (Lan IP/Gateway)
<TMG Server 2010 Enterprise>
When watching the logs during requests for jcghome.com from internal machines I see some spoofing errors, with the source and destination IPs the same:
Log type: Firewall service
Status: A packet was dropped because Forefront TMG determined that the source IP address is spoofed.
Rule: None - see Result Code
Source: Local Host (10.1.10.10:38788)
Destination: Local Host (10.1.10.10:80)
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 10.1.10.10
I've read about TMG and spoofing, and the predominant solution is to "add the source IP address to the network on which it's being received". Well, you can't add any IP addresses to the "External" network so that won't work in my case. Does TMG not recognize any of those "internal" addresses like 192.xx or 10.xx on the External network?
So, basically I'm looking for a solution to this. Been scratching my head over this for several days now.
And if you're wondering, yes, I do want my internal machines to access the domain by going "out" then back "in", at least for the time being. I have different parts of the website hosted on different servers, and am using TMG to send traffic to the right places.
Any help would be greatly appreciated!
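For anyone triaging the same symptom, here is a small added example (my own, not the poster's nor anything from Microsoft) that parses TMG Firewall service log records in the key/value layout quoted above and tags the spoof drops whose source and destination are the same address, which is exactly the pattern in the post. The log text inside it is constructed: the first record is the quoted drop, the second is a made-up allowed connection from an outside client with a hypothetical rule name and status wording.

```python
"""Tag TMG 'spoofed source' drops where source and destination are the same host.

Added example, not from the original post. Parses the "Key: value" record
layout of the quoted Firewall service log and reports the loop-back symptom.
"""
import ipaddress
import re
from dataclasses import dataclass

# Field names as they appear in the quoted log record.
KEYS = ["Log type", "Status", "Rule", "Source", "Destination",
        "Number of bytes sent", "Number of bytes received",
        "Processing time", "Original Client IP"]
_KEY_ALT = "|".join(re.escape(k) for k in KEYS)
# One line may carry two pairs (bytes sent / bytes received), so match lazily
# up to the next known key or the end of the line.
_FIELD_RE = re.compile(rf"({_KEY_ALT}): (.*?)(?=\s(?:{_KEY_ALT}): |$)")
_ENDPOINT_RE = re.compile(r"^(?P<net>.+?) \((?P<ip>[\d.]+):(?P<port>\d+)\)$")

# Constructed sample: record 1 is the drop quoted in the post; record 2 is a
# made-up allowed connection (hypothetical rule name and status text).
SAMPLE_LOG = """\
Log type: Firewall service
Status: A packet was dropped because Forefront TMG determined that the source IP address is spoofed.
Rule: None - see Result Code
Source: Local Host (10.1.10.10:38788)
Destination: Local Host (10.1.10.10:80)
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 10.1.10.10

Log type: Firewall service
Status: Connection allowed
Rule: Example Web Publishing
Source: External (203.0.113.7:51234)
Destination: Local Host (10.1.10.10:80)
Number of bytes sent: 512 Number of bytes received: 4096
Processing time: 3ms Original Client IP: 203.0.113.7
"""


@dataclass(frozen=True)
class Endpoint:
    network: str
    ip: ipaddress.IPv4Address
    port: int


def parse_endpoint(text):
    """Turn 'Local Host (10.1.10.10:80)' into an Endpoint."""
    m = _ENDPOINT_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised endpoint: {text!r}")
    return Endpoint(m["net"], ipaddress.IPv4Address(m["ip"]), int(m["port"]))


def parse_records(log_text):
    """Split the log into blank-line-separated records of {field: value}."""
    records = []
    for chunk in re.split(r"\n\s*\n", log_text.strip()):
        fields = {}
        for line in chunk.splitlines():
            for key, value in _FIELD_RE.findall(line.strip()):
                fields[key] = value.strip()
        if fields:
            records.append(fields)
    return records


def classify(record):
    """Return tags for a spoof drop; an empty list for anything else."""
    tags = []
    if "spoofed" not in record.get("Status", "").lower():
        return tags
    tags.append("spoof-drop")
    src = parse_endpoint(record["Source"])
    dst = parse_endpoint(record["Destination"])
    if src.ip == dst.ip:
        # The packet claims to come from the very address it is sent to:
        # the pattern the post shows for internal traffic looping back in.
        tags.append("same-host")
    if src.ip.is_private:
        tags.append("rfc1918-source")
    return tags


def summarize(log_text):
    """Count spoof drops and how many of them show the same-host pattern."""
    drops = same_host = 0
    for rec in parse_records(log_text):
        tags = classify(rec)
        if "spoof-drop" in tags:
            drops += 1
            same_host += "same-host" in tags
    return {"spoof_drops": drops, "same_host": same_host}


if __name__ == "__main__":
    for rec in parse_records(SAMPLE_LOG):
        print(rec["Source"], "->", rec["Destination"], classify(rec))
    print(summarize(SAMPLE_LOG))
```

Run it against an exported log instead of SAMPLE_LOG and a high same-host count on the spoof drops confirms the requests are leaving and coming back rather than being blocked by a publishing rule.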