I finally figured out my SNAT/DNAT issues.. it took one look at the live filter log to figure it out..
the packet filters are applied AFTER a packet is SNAT/DNAT'd.. so I have to have a rule to allow HTTP to my INTERNAL_IP or internal host on a per protocol basis..
I was looking at the live filter log and I could see the requests coming from my company firewall and heading to 192.168.0.197 and THAT finally got my attention.. I had created a rule that allowed it to/through the public IP...
okay.. bonehead move.. now that I have this working I might just keep this.. only if they would reply to my request to drop the 10 ipsec tunnels and give me 8 smtp proxy domains instead of 5 and I would be golden..
had to vent...
[ 24 May 2002: Message edited by: mallyman ]
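The ordering described in the post, as an added example that is not part of the original post and not the firewall product's own code: a simplified model where DNAT rewrites the destination first and a default-deny filter then matches on the translated packet. The public address, the source address, and all class and function names are constructed assumptions; only 192.168.0.197 comes from the post.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int

@dataclass(frozen=True)
class DnatRule:      # hypothetical rule shape: rewrite dst for one port
    match_dst: str
    dport: int
    to_dst: str

@dataclass(frozen=True)
class AllowRule:     # hypothetical filter rule: exact dst/proto/port match
    dst: str
    proto: str
    dport: int

PUBLIC_IP = "203.0.113.10"     # constructed placeholder (documentation range)
INTERNAL_IP = "192.168.0.197"  # internal host named in the post
DNAT_RULES = [DnatRule(PUBLIC_IP, 80, INTERNAL_IP)]

def apply_dnat(pkt, dnat_rules):
    """Rewrite the destination if a DNAT rule matches, else pass unchanged."""
    for rule in dnat_rules:
        if pkt.dst == rule.match_dst and pkt.dport == rule.dport:
            return replace(pkt, dst=rule.to_dst)
    return pkt

def evaluate(pkt, dnat_rules, allow_rules):
    """Return (verdict, log_line). The filter sees the packet AFTER DNAT."""
    seen = apply_dnat(pkt, dnat_rules)
    verdict = "DROP"  # assumed default-deny policy
    for rule in allow_rules:
        if (seen.dst, seen.proto, seen.dport) == (rule.dst, rule.proto, rule.dport):
            verdict = "ACCEPT"
            break
    return verdict, f"{verdict} {seen.proto} {seen.src} -> {seen.dst}:{seen.dport}"

def demo():
    """Compare a rule written for the public IP with one for the internal IP."""
    inbound = Packet("198.51.100.7", PUBLIC_IP, "tcp", 80)  # constructed request
    wrong = evaluate(inbound, DNAT_RULES, [AllowRule(PUBLIC_IP, "tcp", 80)])
    right = evaluate(inbound, DNAT_RULES, [AllowRule(INTERNAL_IP, "tcp", 80)])
    return wrong, right

if __name__ == "__main__":
    for verdict, line in demo():
        print(line)
```

The log line for the dropped packet shows the internal destination rather than the public one, which is the clue the live filter log gave in the post.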