Filipe Brandenburger wrote:
Hi Ward,
On Thu, Feb 19, 2009 at 20:27, Ward.P.Fontenot@wellsfargo.com wrote:
I add that and telnet to the port on BOX A and get
Trying 192.168.0.1...
telnet: connect to address 192.168.0.1: Connection refused
I can telnet to that port on BOX B and get a successful connection.
The problem is that when BOX B responds, it will respond with a 192.168.0.2 source IP, and that will only work if it goes through BOX A again (for the DNAT to do the address translation back to 192.168.0.1).
In short, this will only work if traffic goes back to the source through BOX A.
For instance, this will NOT happen if the host that is connecting to the forwarded port is in the same subnet as hosts BOX A and BOX B.
This will also NOT happen if BOX A is not the default gateway of BOX B, or there is somehow another configuration that routes the return packets through BOX A (like using an SNAT combined with the DNAT to make the connections look like they are coming from BOX A).
A "Connection refused" response indicates that the reply path is working. If there is no response, telnet will just sit and wait, eventually displaying a "Connection timed out" message when the connection times out from the SYN_SENT state (typically about 3 minutes).
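The SNAT-plus-DNAT arrangement the reply mentions, as an added example that is not part of the thread and not code posted by either participant. It assumes BOX A is 192.168.0.1 with LAN interface eth0, BOX B is 192.168.0.2, the forwarded TCP port is 8080 and the shared subnet is 192.168.0.0/24; all of these are placeholder values. The script emits the iptables rules for review by default and only applies them with `--apply`, so it can be checked without touching a live firewall:

```shell
#!/bin/sh
# Constructed example: DNAT port forward on BOX A to BOX B, plus the SNAT rule
# that forces BOX B's replies back through BOX A for clients on the same LAN.
# Addresses, port and interface are assumptions chosen for illustration.
set -eu

BOX_A="192.168.0.1"      # host holding the forwarded port (assumed)
BOX_B="192.168.0.2"      # host that really serves the port (assumed)
LAN="192.168.0.0/24"     # subnet shared by BOX A, BOX B and LAN clients (assumed)
PORT="8080"              # forwarded TCP port (assumed)
LAN_IF="eth0"            # BOX A's LAN-facing interface (assumed)

# Plain DNAT forward: enough when the client's return path already crosses
# BOX A (e.g. BOX A is the client's gateway), not enough for LAN clients.
dnat_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp -d $BOX_A --dport $PORT -j DNAT --to-destination $BOX_B:$PORT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -p tcp -d $BOX_B --dport $PORT -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Hairpin fix: POSTROUTING sees the post-DNAT destination (BOX B), so rewrite
# the source to BOX A's address. BOX B then addresses its reply to BOX A,
# which reverses both translations before handing it back to the client.
snat_rules() {
    cat <<EOF
iptables -t nat -A POSTROUTING -s $LAN -p tcp -d $BOX_B --dport $PORT -j SNAT --to-source $BOX_A
EOF
}

# Number of generated rules that jump to a given target (DNAT, SNAT, ...).
count_target() {
    { dnat_rules; snat_rules; } | grep -c -- "-j $1"
}

# Run each generated command; only invoked when explicitly requested because
# it changes live firewall state and needs root.
apply_rules() {
    { dnat_rules; snat_rules; } | while IFS= read -r cmd; do
        $cmd
    done
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    dnat_rules
    snat_rules
fi
```

One consequence worth noting before deploying the SNAT rule: BOX B will log every forwarded connection as coming from BOX A rather than from the real client, so any per-client logging or access control on BOX B has to move to BOX A, where the original source address is still visible in the PREROUTING chain.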