I know I'm missing something simple between a couple setups. On my own servers (Novell Security Manager 6.303) I have at the top of my NAT list:
Internal (Network) -> All / All MASQ__Public
and a packet filter rule:
Source: Internal (Network) -> Service: Any -> Destination: Any
So far, so good. From my servers, I can run curl from a console login on the box. However, on two brand new ASL 6.303 installs, this is insufficient, and I had to add the following packet filter rule to get non-ICMP traffic moving to/from the console:
Source: Public (address) -> Service: Any -> Destination: Any
Now, obviously, the public interface is not on the internal network, so there's no duplication of rules; however, from the console, why is this necessary (BTW, I could not even get traffic to pass through a VPN tunnel from the console without this)? I suppose what makes me the most curious is that I did not need to do this on my own setups, which have several exclusions for SNATs for my internal servers, and otherwise are quite similar to these two new configurations.
Thoughts?
TIA
This thread was automatically locked due to age.
