From: Andrew Beverley <andy@andybev.com>
To: Dimitri Yioulos <dyioulos@onpointfc.com>
Cc: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>,
"DiCecca, Caitlin" <cdicecca@onpointfc.com>
Subject: Re: Dual WAN setup redux
Date: Wed, 01 Feb 2012 23:32:25 +0000 [thread overview]
Message-ID: <1328139145.1891.45.camel@andy-laptop> (raw)
In-Reply-To: <201202011708.17672.dyioulos@onpointfc.com>
On Wed, 2012-02-01 at 17:08 -0500, Dimitri Yioulos wrote:
> > In summary, if I understand your setup correctly, you should be able to
> > assign *one* of your public IP addresses to eth3, and then assign
> > another one to the web server, assuming they're all in the same subnet
> > and you get the subnets correct.
>
> Thanks for your efforts, especially as you're dealing with someone as dense as
> me.
>
> On the test machine (call it box 3 in the diagram), I changed the ip to be
> 75.x.x.28, netmask 255.255.255.248, network 75.x.x.24. I set the gateway to be
> 75.x.x.25 (eth3 address on the firewall/router). I can't ping anything.
What are your actual IP addresses?
> At this point, is it a firewall rule issue? If so, what is/are the rule(s) I
> need to add?
You'll need something like "iptables -A FORWARD -o eth3 -j ACCEPT",
assuming that your default policy is DROP. Plus the associated inbound
connection ("iptables -A FORWARD -i eth3 -j ACCEPT"). Of course, you
should tighten these up, but I'd get it working first.
> If I had my choice, though, I'd rather assign an address of 192.168.1.x to the
> test machine (as with the rest of the devices in the DMZ),
I suggest you get it working with the public IP address first, as it's
less things to configure.
Andy
next prev parent reply other threads:[~2012-02-01 23:32 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-27 23:03 Dual WAN setup redux Dimitri Yioulos
2012-01-31 1:50 ` Lloyd Standish
2012-01-31 17:15 ` Andrew Beverley
2012-02-01 16:51 ` Dimitri Yioulos
2012-02-01 18:49 ` Andrew Beverley
2012-02-01 19:46 ` Dimitri Yioulos
2012-02-01 20:25 ` Andrew Beverley
2012-02-01 20:35 ` Andrew Beverley
2012-02-01 22:08 ` Dimitri Yioulos
2012-02-01 23:32 ` Andrew Beverley [this message]
2012-02-02 7:35 ` Andrew Beverley
-- strict thread matches above, loose matches on Subject: below --
2012-02-02 17:52 Dimitri Yioulos
2012-02-02 23:11 ` Andrew Beverley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1328139145.1891.45.camel@andy-laptop \
--to=andy@andybev.com \
--cc=cdicecca@onpointfc.com \
--cc=dyioulos@onpointfc.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.