Re: Addressing problem with NATted DMZ
- From: Sak Wathanasin <sw@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 29 Aug 2005 12:21:08 +0100
In article <ocvau2-uc2.ln1@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Simon Brooke <simon@xxxxxxxxxxxxxx> wrote:
> telnet baz.foo.com 25
>
> it times out, although if I try
>
> telnet 192.168.1.23
>
> it works perfectly.
I'll assume that this is a typo and you meant
telnet 192.168.1.23 25
works. This is happening because your NAT rules specify a particular
interface; something along the lines of
iptables -t nat -I PREROUTING -i eth1 -d 22.22.22.23 -j DNAT --to 192.168.1.23
iptables -t nat -I POSTROUTING -o eth1 -s 192.168.1.23 -j SNAT --to 22.22.22.23
If you remove the "-i eth1" and the "-o eth1", the rules will apply to all
traffic regardless of which interfaces the traffic is coming or going out
on. Whether you really want to do this is another matter. Personally, I'd
configure the 2 boxes to talk to each other using their internal IPs.
> (iii) a popular, reliable and reasonably well supported open source
> firewall which can bind multiple addresses to a single NIC (so Linux
> 2.4 or 2.6 and iptables, rather than 2.2 and ipchains) and which does
> not insist on NATting everything.
Just create a virtual IP; iptables is cool with it.
--
Sak Wathanasin
Network Analysis Limited
http://www.network-analysis.ltd.uk
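The two rule sets discussed in the reply above, and the "virtual IP" from the last answer, as an added example that is not part of the original post or of any product mentioned in it. It is a small POSIX shell script that prints the interface-bound rules beside the interface-independent ones so the difference can be diffed before anything is loaded; it also goes one step beyond the post with a hairpin SNAT, because if the client sits on the same subnet as the DMZ host, simply dropping "-i eth1" is not enough: the server would answer the client directly, the client would see a reply from 192.168.1.23 rather than 22.22.22.23 and drop it. Everything not in the thread is an assumption: eth1 as the external interface, 192.168.1.1 as the firewall's inside address, publishing only TCP/25, and the `ip addr add` form of adding the second address to the NIC.

```shell
#!/bin/sh
# Added example, not from the original post. Generates the NAT rules for a
# DMZ host 192.168.1.23 published as 22.22.22.23 (addresses from the thread).
# Assumed (not in the thread): eth1 is the external interface, 192.168.1.1 is
# the firewall's inside address, and only TCP/25 is published.
# Rules are printed by default; run as root with APPLY=1 to load them.

EXT_IF=eth1
PUB_IP=22.22.22.23
DMZ_IP=192.168.1.23
DMZ_NET=192.168.1.0/24
FW_INT_IP=192.168.1.1
PORT=25

# The "virtual IP" from the reply: a second address on the same NIC so the
# firewall answers ARP for 22.22.22.23 (iproute2 form; an assumption).
bind_public_ip() {
    echo "ip addr add $PUB_IP/32 dev $EXT_IF"
}

# Interface-bound rules as in the reply: DNAT fires only for packets that
# arrive on eth1, so an inside client connecting to 22.22.22.23 never hits it
# and its SYN is routed out to the Internet instead of to the DMZ host.
nat_rules_bound() {
    cat <<EOF
iptables -t nat -A PREROUTING -i $EXT_IF -d $PUB_IP -p tcp --dport $PORT -j DNAT --to-destination $DMZ_IP
iptables -t nat -A POSTROUTING -o $EXT_IF -s $DMZ_IP -j SNAT --to-source $PUB_IP
EOF
}

# Same rules without "-i"/"-o" on the DNAT, so it applies on every interface.
# The third rule is the hairpin case: for clients on the DMZ subnet itself the
# source is rewritten to the firewall, so the server's reply comes back through
# the firewall and is un-DNATed, instead of reaching the client directly.
nat_rules_hairpin() {
    cat <<EOF
iptables -t nat -A PREROUTING -d $PUB_IP -p tcp --dport $PORT -j DNAT --to-destination $DMZ_IP
iptables -t nat -A POSTROUTING -o $EXT_IF -s $DMZ_IP -j SNAT --to-source $PUB_IP
iptables -t nat -A POSTROUTING -s $DMZ_NET -d $DMZ_IP -p tcp --dport $PORT -j SNAT --to-source $FW_INT_IP
EOF
}

# Check: does a rule set still tie the DNAT to an ingress interface?
# Exit status 0 means yes, i.e. inside clients will see the timeout from the thread.
dnat_is_interface_bound() {
    "$1" | grep PREROUTING | grep -q -- "-i "
}

main() {
    if [ "${APPLY:-0}" = 1 ]; then
        { bind_public_ip; nat_rules_hairpin; } | sh -e
    else
        echo "# interface-bound (inside clients time out):"
        nat_rules_bound
        echo "# any interface, plus hairpin SNAT:"
        bind_public_ip
        nat_rules_hairpin
    fi
}

main "$@"
```

Printing first and loading with APPLY=1 only after reading the output is deliberate: a NAT rule set that is wrong by one interface name is exactly the kind of change that is easiest to catch in a diff of the generated commands, and the `dnat_is_interface_bound` check can be kept in a pre-deploy script to refuse a rule set that would reintroduce the timeout.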