Hi,
I'm doing something a little different this time. I have 1 routable IP and
2 private networks which I want to masquerade from behind the firewall, but
keep separate from each other. The eth1 network works great, masquerades
like it's supposed to, NATs like it's supposed to. However, my eth2
network can't ping past the firewall. I can ping the firewall but no
traffic can make it outside. What I want are two masqueraded networks
using the same routable IP on eth0, but unable to see each other. My
interfaces are:

eth0_IPADDR=64.113.44.66
eth0_MASKLEN=24
eth0_BROADCAST=+
eth0_DEFAULT_GW=64.113.44.1
eth0_IP_SPOOF=YES
eth0_IP_KRNL_LOGMARTIANS=YES
eth0_IP_SHARED_MEDIA=NO
eth0_BRIDGE=NO
eth0_PROXY_ARP=NO
eth0_FAIRQ=NO

eth1_IPADDR=192.168.1.1
eth1_MASKLEN=24
eth1_BROADCAST=+
eth1_IP_SPOOF=YES
eth1_IP_KRNL_LOGMARTIANS=YES
eth1_IP_SHARED_MEDIA=NO
eth1_BRIDGE=NO
eth1_PROXY_ARP=NO
eth1_FAIRQ=NO

eth2_IPADDR=192.168.212.1
eth2_MASKLEN=24
eth2_BROADCAST=+
eth2_IP_SPOOF=YES
eth2_IP_KRNL_LOGMARTIANS=YES
eth2_IP_SHARED_MEDIA=NO
eth2_BRIDGE=NO
eth2_PROXY_ARP=NO
eth2_FAIRQ=NO

My pertinent DMZ info is:

# Whether you want a DMZ or not (YES, PROXY, NAT, PRIVATE, NO)
DMZ_SWITCH=NAT
DMZ_IF="eth2"
DMZ_NET=192.168.212.0/24
DMZ_SRC=64.113.44.66/32
DMZ_EXT_ADDRS="$eth0_DEFAULT_GW $EXTERN_IP"
DMZ_HIGH_TCP_CONNECT=NO
DMZ_CLOSED_DEST="tcp_${DMZ_NET}_6000:6004 tcp_${DMZ_NET}_7100"
DMZ_OPEN_DEST=" udp_${DMZ_NET}_domain
tcp_${DMZ_NET}_domain
icmp_${DMZ_NET}_:"

I can provide more of my config if needed.
-Scott
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html