On Thursday 02 February 2012 2:35:20 am Andrew Beverley wrote:
> On Wed, 2012-02-01 at 17:08 -0500, Dimitri Yioulos wrote:
> > On the test machine (call it box 3 in the diagram), I changed the ip to
> > be 75.x.x.28, netmask 255.255.255.248, network 75.x.x.24. I set the
> > gateway to be 75.x.x.25 (eth3 address on the firewall/router). I can't
> > ping anything.
>
> I wasn't very clear in my last post. You'll need to separate out that
> small block into different subnets, as they're on different interfaces.
>
> > If I had my choice, though, I'd rather assign an address of 192.168.1.x
> > to the test machine (as with the rest of the devices in the DMZ), and
> > make it use the WAN2 connection instead of WAN1 that the other devices
> > are using.
>
> Actually, it's probably as easy to do this. Set the 192.168.1.x IP
> address on the test machine, then try pinging eth3's IP address from the
> test machine. That should work. Then try the gateway on the same subnet.
> That should also work.
>
> Once that's working, then you should be able to do a DNAT on the
> firewall to send packets coming in on eth3 to the test machine
> (192.168.1.x).
>
> Andy
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

I changed the ip addy of the test server to 192.168.1.11, back on the DMZ subnet. I now have partial success, as I can ping the gateway (75.x.x.30). I think I have the correct SNAT and DNAT rules to reach this on port 80, but I can't reach it via 75.x.x.27, which is its external address. Nor can I ping it. And, I can ping anything outbound from that host. Arrgh.

I don't know if it's helpful, but I've attached what I hope is a new, better network map.

Thanks and regards,

Dimitri

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Attachment:
Network Diagram_01302012_A.png
Description: PNG image