

Jan Stifter wrote:

> >> my ISP gave us range a.b.c.224-239
> >> and one ip for the router / firewall box: a.b.c.31
> >> 
> >> configuration of the router / firewall box is:
> >> 
> >>    eth0, a.b.c.31         (connected to ISP)
> >>    eth1, a.b.c.224-239    (servers of company 1 & 2)
> >>    eth2, 192.168.0.0-255  (company 1)
> >>    eth3, 192.168.1.0-255  (company 2)
> >> 
> 
> i have some success with these commands:
>   /usr/sbin/ip route add nat a.b.c.228 via 192.168.1.10
>   /usr/sbin/ip rule add prio 320 from 192.168.1.10 nat a.b.c.228
> 
> from extern to a.b.c.228, i get a connection.
> 
> problem:
> from the servers net, if i telnet 192.168.1.10, i get no connection,
> because the reply of 192.168.1.10 gets nat to a.b.c.228.
> 
> so my new problem is:
> from company 1 and the servers, a connection to 192.168.1.10 should
> work.
> 
> can anybody help me with this problem?

it sounds like the firewall host is not actually forwarding packets
from the servers net to a.b.c.228 because it is part of the servers
net (a.b.c.224/28). since it's not a remote address and it's not the
address of the firewall host, the firewall host doesn't pick up the
packet let alone nat it.

is this really a problem? why can't hosts in company1 and the servers
net just talk to 192.168.1.10 directly (with appropriate dns records
to make it invisible)?

raf
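
The on-link reasoning in the reply above, as an added example that is not part of the original thread. It assumes 203.0.113.x (a documentation range) as a stand-in for the elided a.b.c.x, a /24 mask on each company net, and constructed sample host addresses.

```python
import ipaddress

# Constructed stand-in: 203.0.113.x replaces the elided a.b.c.x from the thread.
SEGMENTS = {
    "servers (eth1)": ipaddress.ip_network("203.0.113.224/28"),
    "company 1 (eth2)": ipaddress.ip_network("192.168.0.0/24"),   # /24 assumed
    "company 2 (eth3)": ipaddress.ip_network("192.168.1.0/24"),   # /24 assumed
}
NAT_PUBLIC = "203.0.113.228"   # a.b.c.228 in the thread
NAT_PRIVATE = "192.168.1.10"

def segment_of(addr):
    """Name of the internal segment holding addr, or None if it is outside (ISP side)."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return None

def delivery(src, dst):
    """'on-link' if src sees dst as a neighbour on its own segment: it ARPs for dst
    and the firewall host never routes (or NATs) the packet. Otherwise 'via-firewall'."""
    seg = segment_of(src)
    if seg is not None and ipaddress.ip_address(dst) in SEGMENTS[seg]:
        return "on-link"
    return "via-firewall"

def report():
    # Constructed sample sources: an outside host, a server, a company 1 workstation.
    sources = {
        "external": "198.51.100.7",
        "server": "203.0.113.225",
        "company1": "192.168.0.20",
    }
    rows = []
    for label, src in sources.items():
        for dst in (NAT_PUBLIC, NAT_PRIVATE):
            rows.append((label, dst, delivery(src, dst)))
    return rows

if __name__ == "__main__":
    for label, dst, how in report():
        print(f"{label:9s} -> {dst:15s} {how}")
```

Only the server-to-a.b.c.228 case comes out on-link, which is the case the reply describes: the packet is never handed to the firewall host, so the NAT route is not consulted.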
