From: Dimitri Yioulos <dyioulos@onpointfc.com>
To: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Subject: Dual WAN setup redux
Date: Fri, 27 Jan 2012 18:03:18 -0500 [thread overview]
Message-ID: <201201271803.19071.dyioulos@onpointfc.com> (raw)
Hi, folks.
Well, here I am, again, asking for help setting up a dual WAN. With a kind nod
to Lloyd and Andy, I'm simply not getting this to work. And, my deadline for
getting to good is now. So, even though this is a bit off-topic, I'm
appealing, once again, for your help.
Let me see if I can provide all of the information you might need to assist me:
LAN: 192.168.100.0/24
DMZ: 192.168.1.0/24
WAN1 (up and working for a long time): 65.x.x.160/27, gw 65.x.x.161
WAN2 (new connection): 75.x.x.24/29, gw 75.x.x.30
eth0 - WAN1: 65.x.x.162
eth0:0-eth0:6: 65.x.x.163, 164, etc.
eth1 - LAN: 192.168.100.1
eth2 - DMZ: 192.168.1.1
eth3 - WAN2: 75.x.x.25
eth3:0-eth3:1: 75.x.x.26, 27
SNAT current DMZ hosts WAN1 addresses
I want to use WAN2 for a new Web server and test server living in the DMZ.
I created a new routing table called WAN2. Here's the output of "ip route show
table WAN2":
75.x.x.24/29 dev eth3 scope link src 75.x.x.25
default via 75.x.x.30 dev eth3
Netstat -ar produces the following ourput:
75.x.x.24 * 255.255.255.248 U 0 0 0 eth3
65.x.x.160 * 255.255.255.224 U 0 0 0 eth0
10.8.0.0 vpn.mydomain.c 255.255.255.0 UG 0 0 0 eth2
192.168.1.0 * 255.255.255.0 U 0 0 0 eth2
192.168.100.0 * 255.255.252.0 U 0 0 0 eth1
default 65.x.x.161. 0.0.0.0 UG 0 0 0 eth0
The following are probably stupid noob questions, but here goes:
I can ping the WAN2 gateway address from our firewall/router, but not from any
other network device (I can ping the gateway address of WAN1 just fine). Don't
I have to be able to do that first?
I'm not sure what internal ip addresses to give the new Web server and test
server (192.100.1.x, or 75.x.x.26-29.
I'm thinking that once I can get the above straight, iptables rules will be
relatively simple to set up(I'll probably regret having said that :-) ).
Thanks.
Dimitri
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
next reply other threads:[~2012-01-27 23:03 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-27 23:03 Dimitri Yioulos [this message]
2012-01-31 1:50 ` Dual WAN setup redux Lloyd Standish
2012-01-31 17:15 ` Andrew Beverley
2012-02-01 16:51 ` Dimitri Yioulos
2012-02-01 18:49 ` Andrew Beverley
2012-02-01 19:46 ` Dimitri Yioulos
2012-02-01 20:25 ` Andrew Beverley
2012-02-01 20:35 ` Andrew Beverley
2012-02-01 22:08 ` Dimitri Yioulos
2012-02-01 23:32 ` Andrew Beverley
2012-02-02 7:35 ` Andrew Beverley
-- strict thread matches above, loose matches on Subject: below --
2012-02-02 17:52 Dimitri Yioulos
2012-02-02 23:11 ` Andrew Beverley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201201271803.19071.dyioulos@onpointfc.com \
--to=dyioulos@onpointfc.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.