From: Dimitri Yioulos <dyioulos@onpointfc.com>
To: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Cc: "DiCecca, Caitlin" <cdicecca@onpointfc.com>
Subject: Re: Dual WAN setup redux
Date: Thu, 2 Feb 2012 12:52:07 -0500
Message-ID: <201202021252.07673.dyioulos@onpointfc.com>

On Thursday 02 February 2012 2:35:20 am Andrew Beverley wrote:
> On Wed, 2012-02-01 at 17:08 -0500, Dimitri Yioulos wrote:
> > On the test machine (call it box 3 in the diagram), I changed the IP to
> > be 75.x.x.28, netmask 255.255.255.248, network 75.x.x.24.  I set the
> > gateway to be 75.x.x.25 (eth3 address on the firewall/router).  I can't
> > ping anything.
>
> I wasn't very clear in my last post. You'll need to separate out that
> small block into different subnets, as they're on different interfaces.
>
> > If I had my choice, though, I'd rather assign an address of 192.168.1.x
> > to the test machine (as with the rest of the devices in the DMZ), and
> > make it use the WAN2 connection instead of WAN1 that the other devices
> > are using.
>
> Actually, it's probably as easy to do this. Set the 192.168.1.x IP
> address on the test machine, then try pinging eth3's IP address from the
> test machine. That should work. Then try the gateway on the same subnet.
> That should also work.
>
> Once that's working, then you should be able to do a DNAT on the
> firewall to send packets coming in on eth3 to the test machine
> (192.168.1.x).
>
> Andy


I changed the IP addy of the test server to 192.168.1.11, back on the
DMZ subnet.  I now have partial success, as I can ping the gateway
(75.x.x.30).  I think I have the correct SNAT and DNAT rules to reach this
on port 80, but I can't reach it via 75.x.x.27, which is its external
address.  Nor can I ping it.  And, I can ping anything outbound from that host.
Arrgh.

I don't know if it's helpful, but I've attached what I hope is a new, better 
network map.

Thanks and regards,

Dimitri


[-- Attachment #2: Network Diagram_01302012_A.png --]
[-- Type: image/png, Size: 11836 bytes --]
