> Our ISP has given us a range of IP addresses (the ones below are
> obfuscated ;)):
>
> Segment: 38.87.5.112 /28
> net address:           38.87.5.112
> gateway address:  38.87.5.113
> firewall:              38.87.5.114
> free static IPs:       38.87.5.115-126
> broadcast address:    38.87.5.127
> netmask:              255.255.255.240
>
> I have set up the DMZ with
> net address 38.87.5.120
> Gateway: 38.87.5.121
> Server: 38.87.5.122
>
> netmask:              255.255.255.252
>
> To ensure that routing worked properly I just entered pass (and nat of 
> course) in the /etc/pf.conf file.
>
> I have no trouble connecting to the server at 38.87.5.122 from the
> internal net where nat-addresses are used, but for some reason
> I can't connect to the server from the outside. I thought it was a
> routing problem but when I entered a port redirect from the gateway
>

I suspect it may still be a routing problem.  You have a range of 13
available IPs from your ISP, but according to the subnet they are all
on the same network.  Unless I've mis-read something (which happens
often) you need to have the ISP split your range into 2 networks* and
set the router located at 38.87.5.113 to route the next hop of the
second network to your firewall.

* note you will lose a couple of IPs by doing that.

A simple way to test would be to move the 38.87.5.122 machine to the
same network as the firewall (so that it's no longer being firewalled)
and see if you can get to it.


--Bryan
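
Added example, not part of the original reply: a Python sketch using the standard `ipaddress` module and the addresses quoted in the thread. It shows that the DMZ /30 sits inside the /28 the ISP router treats as directly connected, and what splitting the range would cost. The function names and the even split into two /29s are assumptions made for illustration.

```python
import ipaddress

def on_link_conflicts(upstream_prefix, inner_subnets):
    """Subnets that lie inside the prefix the upstream router sees as on-link.

    For these, the upstream router ARPs for the host on its own segment
    instead of forwarding the packet to the firewall."""
    up = ipaddress.ip_network(upstream_prefix)
    return [n for n in map(ipaddress.ip_network, inner_subnets) if n.subnet_of(up)]

def usable_hosts(net):
    # Network and broadcast addresses cannot be assigned to hosts.
    return net.num_addresses - 2

def split_plan(isp_prefix, firewall_ip, dmz_subnet):
    """Split the ISP range in two (assumed even split) and report the result.

    The half holding the firewall's outside address stays on the ISP segment;
    the other half is the one the ISP router would route via the firewall."""
    isp = ipaddress.ip_network(isp_prefix)
    fw = ipaddress.ip_address(firewall_ip)
    dmz = ipaddress.ip_network(dmz_subnet)
    halves = list(isp.subnets(prefixlen_diff=1))
    transit = next(h for h in halves if fw in h)
    routed = next(h for h in halves if h != transit)
    return {
        "transit": transit,
        "routed": routed,
        "next_hop": fw,
        "dmz_fits": dmz.subnet_of(routed),
        "addresses_lost": usable_hosts(isp) - sum(usable_hosts(h) for h in halves),
    }

if __name__ == "__main__":
    # Values taken from the thread (obfuscated by the original poster).
    print("on-link conflicts:", on_link_conflicts("38.87.5.112/28", ["38.87.5.120/30"]))
    for key, value in split_plan("38.87.5.112/28", "38.87.5.114", "38.87.5.120/30").items():
        print(f"{key}: {value}")
```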
