Internal Vs. External IP Addresses : Cannot Use External Addresses Internally

Craig P

I have a MAIL server and an FTP server that are visible internally with
unique IPs (10.0.0.102 and 10.0.0.103). Externally, they are visible with
one shared external IP address (X.X.X.X shared IP on FTP: Port 21, SMTP:
Port 25, and POP3: Port 110).

I have a firewall that maps the external X.X.X.X and Port number to the
10.0.0.102 or 10.0.0.103 internal address.

These devices and addressing work fine internally using the internal
addresses and externally using the external addresses. Why can't I use the
external IP addresses on the internal side? These ping fine but I cannot
get Mail or FTP connectivity.

Any help or insight would be appreciated.

Thanks, Craig
 
Ed Horley

Craig,
Most firewalls have a rough time doing NAT/PAT outbound only to turn around
and take that session inbound to itself again. Often the way folks get
around this problem is either by using DNS Doctoring (doesn't work for PAT
configurations) or doing some sort of alias command structure in their
firewalls. Depending on the manufacturer and code release all of this is
done differently. Here is a quick link on the Cisco PIX product as a quick
read.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

What firewall product are you using?

Regards,
Ed
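
The remark above that DNS doctoring does not work for PAT configurations, as an added example that is not part of the original post and not any vendor's implementation: a simplified model of rewriting a DNS A answer for an inside client. The address 203.0.113.10 is a constructed stand-in for the masked X.X.X.X, and the assignment of mail to 10.0.0.102 and FTP to 10.0.0.103 is an assumption, since the thread does not say which host is which.

```python
from collections import defaultdict

# Constructed stand-in for the thread's masked external address X.X.X.X
# (203.0.113.10 is from the RFC 5737 documentation range).
EXTERNAL_IP = "203.0.113.10"

# Port forwards as described in the question. Which internal host is mail and
# which is FTP is not stated in the thread; this split is an assumption.
PORT_FORWARDS = {
    (EXTERNAL_IP, 21): "10.0.0.103",   # FTP
    (EXTERNAL_IP, 25): "10.0.0.102",   # SMTP
    (EXTERNAL_IP, 110): "10.0.0.102",  # POP3
}


def internal_candidates(forwards):
    """Group the internal hosts by the external IP they are published on."""
    hosts = defaultdict(set)
    for (ext_ip, _port), int_ip in forwards.items():
        hosts[ext_ip].add(int_ip)
    return hosts


def doctor_a_record(answer_ip, forwards):
    """Model of doctoring one DNS A answer on its way to an inside client.

    An A record carries an address and no port, so the answer can be rewritten
    only when the external IP maps to exactly one internal host.
    Returns (ip_given_to_client, note).
    """
    candidates = internal_candidates(forwards).get(answer_ip, set())
    if not candidates:
        return answer_ip, "not a published address, left unchanged"
    if len(candidates) == 1:
        return next(iter(candidates)), "rewritten to internal address"
    return answer_ip, "ambiguous under PAT: " + ", ".join(sorted(candidates))


if __name__ == "__main__":
    # Shared external IP with per-port forwards: the rewrite has two candidates.
    print(doctor_a_record(EXTERNAL_IP, PORT_FORWARDS))
    # Same external IP published for a single internal host: rewrite succeeds.
    mail_only = {k: v for k, v in PORT_FORWARDS.items() if v == "10.0.0.102"}
    print(doctor_a_record(EXTERNAL_IP, mail_only))
```

With the shared address the inside client still receives the external IP and ends up on the firewall's outside address again, which is the situation the original question describes.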
 
Phillip Windell

You can't; it is the way that NAT works. You create a situation where the
NAT process creates a packet that has the same IP# and MAC address for both
the source and destination.

You have to access internal resources by the internal IP#.
 
