From: Dimitri Yioulos <dyioulos@onpointfc.com>
To: "netfilter@vger.kernel.org" <netfilter@vger.kernel.org>
Cc: "DiCecca, Caitlin" <cdicecca@onpointfc.com>
Subject: Re: Dual WAN setup redux
Date: Thu, 2 Feb 2012 12:52:07 -0500
Message-ID: <201202021252.07673.dyioulos@onpointfc.com>
On Thursday 02 February 2012 2:35:20 am Andrew Beverley wrote:
> On Wed, 2012-02-01 at 17:08 -0500, Dimitri Yioulos wrote:
> > On the test machine (call it box 3 in the diagram), I changed the ip to
> > be 75.x.x.28, netmask 255.255.255.248, network 75.x.x.24. I set the
> > gateway to be 75.x.x.25 (eth3 address on the firewall/router). I can't
> > ping anything.
>
> I wasn't very clear in my last post. You'll need to separate out that
> small block into different subnets, as they're on different interfaces.
>
> > If I had my choice, though, I'd rather assign an address of 192.168.1.x
> > to the test machine (as with the rest of the devices in the DMZ), and
> > make it use the WAN2 connection instead of WAN1 that the other devices
> > are using.
>
> Actually, it's probably as easy to do this. Set the 192.168.1.x IP
> address on the test machine, then try pinging eth3's IP address from the
> test machine. That should work. Then try the gateway on the same subnet.
> That should also work.
>
> Once that's working, then you should be able to do a DNAT on the
> firewall to send packets coming in on eth3 to the test machine
> (192.168.1.x).
>
> Andy
I changed the ip addy of the test server to 192.168.1.11, back on the
DMZ subnet. I now have partial success, as I can ping the gateway
(75.x.x.30). I think I have the correct SNAT and DNAT rules to reach this
on port 80, but I can't reach it via 75.x.x.27, which is its external
address. Nor can I ping it. And, I can ping anything outbound from that host.
Arrgh.
I don't know if it's helpful, but I've attached what I hope is a new, better
network map.
Thanks and regards,
Dimitri
[-- Attachment #2: Network Diagram_01302012_A.png --]
[-- Type: image/png, Size: 11836 bytes --]
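Added example, not part of the original message or thread: one way to combine the DNAT step Andy describes with the source-based routing that sends the test server's traffic (including replies to forwarded connections) out WAN2. The 203.0.113.x addresses are constructed placeholders for the elided 75.x.x.x values; the DMZ interface name `eth1`, the /24 DMZ prefix, table number 102, and the assumption that the /29 is on-link on eth3 are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. 203.0.113.x values are constructed
# placeholders for the elided 75.x.x.x addresses; table 102 is arbitrary.
WAN2_IF=eth3            # WAN2 interface on the firewall (from the thread)
WAN2_GW=203.0.113.30    # placeholder for the WAN2 gateway 75.x.x.30
WAN2_PUB=203.0.113.27   # placeholder for the external address 75.x.x.27
DMZ_IF=eth1             # assumed DMZ interface name
DMZ_NET=192.168.1.0/24  # assumed DMZ prefix length
DMZ_HOST=192.168.1.11   # test server (from the thread)
TABLE=102

# Dry run by default: print each command. Set APPLY=1 (as root) to execute.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

wan2_setup() {
    # Assumption: the /29 is on-link on eth3, so the firewall must hold the
    # external address itself to answer the gateway's ARP requests for it.
    run ip addr add "$WAN2_PUB/29" dev "$WAN2_IF"
    # Separate table: keep the DMZ reachable, send everything else via WAN2.
    run ip route add "$DMZ_NET" dev "$DMZ_IF" table "$TABLE"
    run ip route add default via "$WAN2_GW" dev "$WAN2_IF" table "$TABLE"
    # Replies from the test server still carry its private source address at
    # routing time (NAT is reversed afterwards), so select the table by source.
    run ip rule add from "$DMZ_HOST" lookup "$TABLE"
    # Inbound: port 80 on the external address is sent to the test server.
    run iptables -t nat -A PREROUTING -i "$WAN2_IF" -d "$WAN2_PUB" -p tcp --dport 80 -j DNAT --to-destination "$DMZ_HOST"
    # Outbound: connections the server opens leave WAN2 as the same address.
    run iptables -t nat -A POSTROUTING -o "$WAN2_IF" -s "$DMZ_HOST" -j SNAT --to-source "$WAN2_PUB"
    # Filter: admit only the forwarded service, plus established traffic.
    run iptables -A FORWARD -i "$WAN2_IF" -o "$DMZ_IF" -d "$DMZ_HOST" -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

wan2_setup
```

Run as-is, it only prints the commands for review; the FORWARD rules limit exposure of the DMZ host to the single forwarded port.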