  #3  
Old 29-Aug-2008, 01:03 AM
Senior Member
 
Join Date: Aug 2008
Posts: 1,634
phxazcraig 0 reputation points
Re: Dynamic NAT not working from server private NIC...

I'm not sure I quite understand what is going on there.

The filters normally block ICMP. If you put in a stateful ICMP
exception from private to public it will still block ICMP if you try to
ping from the server itself. So filtering might be giving you
misleading results.

If you are doing an IPTRACE from the server (as opposed to TRACERT from
a PC), you may also not be getting expected results, since IPTRACE uses
UDP port 9000 I think, instead of ICMP.

In any case, if the server is generating traffic that is going to the
internet, it would always be sending it with a source address of the
public address, since the traffic goes out that interface. I don't see
how you could get a service bound to the private IP address to somehow
send out using the private IP address (perhaps a tricky NAT issue), and
it wouldn't get a reply if it did go out.

This may be a filtering issue. I would simply test with IPFLT unloaded
and see if it works. If so, then you need to put in some sort of
filter exception, and it should be easy to do. If not, you may have a
routing issue or something wrong with the application.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***



All times are GMT -6.


© 2007 Novell, Inc. All Rights Reserved.
