Hi all,

I've a big problem. Here's a little diagram:

[INTRANET 10.0.0.0/24]----------+
                                +--[ROUTER]--(NET)
[DMZ SERVER A - 192.168.0.2]----+
[DMZ SERVER B - 192.168.0.3]----+

Each DMZ server is mapped to its PUBLIC IP. For example:

151.8.47.A ----> 192.168.0.2
151.8.47.B ----> 192.168.0.3

and everything works perfectly!!!

The problem is when, from 192.168.0.2, I try to connect to 151.08.47.B (that's mapped to 192.168.0.3): packets die on ROUTER.

Here's my IPTABLES configuration:

[.....]
#
# 3.1 Required proc configuration
#
echo "1" > /proc/sys/net/ipv4/ip_forward

#
# 3.2 Non-Required proc configuration
#
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
#echo "1" > /proc/sys/net/ipv4/conf/all/proxy_arp
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "1" > /proc/sys/net/ipv4/conf/all/accept_source_route
[....]
#
# 4.3.8 POSTROUTING chain
#
$IPTABLES -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE

# This is my TRY :-( but it doesn't work...
$IPTABLES -t nat -A POSTROUTING -o $DMZ_IFACE -s 192.168.0.0/24 -d 151.8.47.A -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $DMZ_IFACE -s 192.168.0.0/24 -d 151.8.47.B -j MASQUERADE

# Perhaps the same as the first
$IPTABLES -t nat -A POSTROUTING -o $INET_IFACE -j SNAT --to-source $INET_IP

Can someone help me? Please!

Oz

--
Eagleson's Law: Any source code of your own that you have not looked at for six or more months might as well have been written by someone else. (Eagleson is an optimist; the real number is closer to three weeks.)
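A small model of the nat hooks for the DMZ-to-DMZ connection described above, showing what a POSTROUTING rule sees once the destination has been translated. This is an added example, not part of the original post. It assumes the public-to-private mapping is a DNAT in PREROUTING that also applies to traffic arriving from the DMZ, that both servers share one LAN segment, and a hypothetical router DMZ address of 192.168.0.1.

```python
import ipaddress

DMZ_NET = ipaddress.ip_network("192.168.0.0/24")
# Mapping from the post; the last octet of the public addresses is elided there.
DNAT_MAP = {"151.8.47.A": "192.168.0.2", "151.8.47.B": "192.168.0.3"}
ROUTER_DMZ_IP = "192.168.0.1"  # assumption: router address on $DMZ_IFACE


def prerouting(pkt):
    """nat PREROUTING (assumed DNAT): public destination -> DMZ host."""
    return {**pkt, "dst": DNAT_MAP.get(pkt["dst"], pkt["dst"])}


def postrouting(pkt, rules):
    """nat POSTROUTING: the first matching rule masquerades the source."""
    for rule in rules:
        src_ok = ipaddress.ip_address(pkt["src"]) in rule["src_net"]
        if src_ok and pkt["dst"] == rule["dst"]:
            return {**pkt, "src": ROUTER_DMZ_IP}, rule["name"]
    return pkt, None


def trace(rules, src="192.168.0.2", dst="151.8.47.B"):
    """Return (packet as server B receives it, matched rule, reply via router?)."""
    pkt, matched = postrouting(prerouting({"src": src, "dst": dst}), rules)
    # B answers pkt["src"]. If that is still the DMZ client, the reply goes
    # straight across the LAN with source 192.168.0.3 and is never translated
    # back to 151.8.47.B, so the client does not recognise it.
    return pkt, matched, pkt["src"] == ROUTER_DMZ_IP


# Rule as posted: matches on the public address.
POSTED = [{"name": "dst-public", "src_net": DMZ_NET, "dst": "151.8.47.B"}]
# Variant matching on the address that remains after DNAT.
TRANSLATED = [{"name": "dst-private", "src_net": DMZ_NET, "dst": "192.168.0.3"}]

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("translated", TRANSLATED)):
        print(label, trace(rules))
```

In the model, the rule written against 151.8.47.B is evaluated after the destination has already become 192.168.0.3, so it never fires; only a match on the translated address forces the reply back through the router.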