Red Baron wrote: > shorewall-lite version 4.4.6 > Debian Lenny - 2.6.26-2-686 > > I have a large network of public IPS ( 1.1.1.128/25 <http://1.1.1.128/25> ) > > I have broken this up into several smaller subnets. I have a few servers > that I want to NAT translate from my gateway server to a public IP on > VLAN350. which is subnet 1.1.1.192 / 27. > > My gateway server has the following interfaces > > eth0 - 1.1.1.149 /28 > eth1 - 172.16.1.0 /24 > vlan350 - 1.1.1.193 /27 > > > I have this entry in the nat configuration file: > #EXTERNAL INTERFACE INTERNAL ALL LOCAL > 1.1.1.198 vlan350 172.16.1.23 no no > #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE > > but when the host 172.16.1.23 pings the internet, the IP is masquerarded > as 1.1.1.149, not 1.1.1.198 > > From the gateway, I can do the following > > ping www.google.com <http://www.google.com/> -I 1.1.1.198 > > and I do get replies, and tcpdump on the gateway verifies that the IP > being used is correct, so I know the routes are in place. > > > Any suggestions as to what I might be doing wrong?
I assume that eth0 is your external interface with the default route? If so you want to specify that interface in the nat file, not vlan350. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
