On May 8 2007 08:05, Ray Leach wrote:
>> On May 7 2007 17:54, Pieter De Wit wrote:
>> > Now, all connections are routed out via FW:ppp0 and NAT'ed. There
>> > is
>> > a rule that allows connections to ppp0 on port 1234 and DNAT's them to
>> > C1. When C2 makes a connection to 1.2.3.4:1234 it fails with
>> > "Connection
>> > refused" since there is no "server" listening on the firewall's
>> > ppp0,port 1234.
>>
>> *BEEP* *BUZZ* *ERROR*. You have a direct connection between C1 and C2.
>
> There is no routing between C1 and C2, so your firewall never sees the traffic
> between the 2.
>
> Put C1 and C2 on two separate physical networks and connect them through
> firewall to get routing to happen, then you can use iptables to do NATing
> between them.
>
> Else put two interfaces into your firewall, give each interface an ip address
> in the same subnet, configure bridging between the two, put C1 on the end of
> one interface and C2 on the other if, then look into ebtables.

Else always route to the gateway. As in...

@client:
* unconfigure the main interface
* redo it with `ip a a 192.168.2.100/32 peer 192.168.2.1`
  (the server keeps using 192.168.2.1/24)

(assuming 192.168.1.100 <-> 192.168.1.1/192.168.2.1 <-> 192.168.2.100)

Jan
--
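The following is an added illustration, not part of the thread: it simulates the client kernel's longest-prefix routing lookup under the two configurations Jan contrasts, showing why a /24 address delivers LAN traffic directly (so the firewall never sees it and its NAT rules cannot apply) while the /32 "peer" address sends everything through 192.168.2.1. Addresses follow the thread; 192.168.2.50 is a constructed address standing in for the other LAN client.

```python
"""Simulated routing decision on a LAN client: /24 address vs /32 peer address.

Added example (not from the mailing-list thread). The route tables below are
what the kernel installs for the two `ip a a` variants plus a default route.
"""
import ipaddress

# A route is (destination prefix, next hop); next hop None means on-link delivery.
# Plain `ip a a 192.168.2.100/24 dev eth0` plus `ip r a default via 192.168.2.1`:
ROUTES_SUBNET = [
    (ipaddress.ip_network("192.168.2.0/24"), None),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.2.1")),
]

# `ip a a 192.168.2.100/32 peer 192.168.2.1 dev eth0` plus the same default route:
# only the gateway itself is on-link, every other LAN host is reached via it.
ROUTES_PEER = [
    (ipaddress.ip_network("192.168.2.1/32"), None),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.168.2.1")),
]

FIREWALL = "192.168.2.1"


def next_hop(routes, dst):
    """Longest-prefix match; returns 'on-link', the gateway as a string, or 'unreachable'."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gw in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    if best is None:
        return "unreachable"
    return "on-link" if best[1] is None else str(best[1])


def path_for(routes, dst):
    """Whether packets to dst traverse the firewall (where DNAT/conntrack live)."""
    hop = next_hop(routes, dst)
    return "via firewall" if hop == FIREWALL else "direct, firewall never sees it"


if __name__ == "__main__":
    for name, routes in (("/24 address", ROUTES_SUBNET), ("/32 peer", ROUTES_PEER)):
        for dst in ("192.168.2.50", "1.2.3.4"):  # constructed LAN peer, public address
            print(f"{name:12} -> {dst:13}: {next_hop(routes, dst):12} ({path_for(routes, dst)})")
```

With the /24 address, traffic between two LAN clients is delivered on-link, so a DNAT'ed reply from C1 reaches C2 unchanged and C2 rejects it; with the /32 peer configuration every LAN-bound packet is handed to the firewall first.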