Thanks..that did the job.
On Mon, Mar 1, 2010 at 5:26 PM, Tom Eastep <[email protected]> wrote:
> Red Baron wrote:
> > shorewall-lite version 4.4.6
> > Debian Lenny - 2.6.26-2-686
> >
> > I have a large network of public IPS ( 1.1.1.128/25 <http://1.1.1.128/25>
> )
> >
> > I have broken this up into several smaller subnets. I have a few servers
> > that I want to NAT translate from my gateway server to a public IP on
> > VLAN350. which is subnet 1.1.1.192 / 27.
> >
> > My gateway server has the following interfaces
> >
> > eth0 - 1.1.1.149 /28
> > eth1 - 172.16.1.0 /24
> > vlan350 - 1.1.1.193 /27
> >
> >
> > I have this entry in the nat configuration file:
> > #EXTERNAL INTERFACE INTERNAL ALL LOCAL
> > 1.1.1.198 vlan350 172.16.1.23 no no
> > #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
> >
> > but when the host 172.16.1.23 pings the internet, the IP is masquerarded
> > as 1.1.1.149, not 1.1.1.198
> >
> > From the gateway, I can do the following
> >
> > ping www.google.com <http://www.google.com/> -I 1.1.1.198
> >
> > and I do get replies, and tcpdump on the gateway verifies that the IP
> > being used is correct, so I know the routes are in place.
> >
> >
> > Any suggestions as to what I might be doing wrong?
>
> I assume that eth0 is your external interface with the default route? If
> so you want to specify that interface in the nat file, not vlan350.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
