mrk at renre-europe.com
Wed Jan 16 09:24:50 GMT 2002
OK I tried this and using tcpdump I can see that the source NATing and
Destination NATing are now both working.
But using tcpdump on the firewall I can see that packets are still
trying to return through the wrong interface.
On Tue, 2002-01-15 at 19:14, Nick Murtagh wrote:
> On Tuesday 15 January 2002 18:26, Mark Kilmartin wrote:
> > I believe the NATing is working just the replies are going to the wrong
> > interface.
> There are two types of NAT. Destination NAT and source NAT. You have got
> a working destination NAT. I suggested adding source NAT so that packets
> heading to the server appear to come from the interface on the firewall
> on which they arrived. Hence the server will send its reply back to
> that interface.
> a.b.c.x (ISP 2) packet appears to come from some routable
> | internet address
> | |
> | \|/
> 10.1.1.2 (firewall) SNAT here, now packet appears to come
> | from 10.1.1.2
> | |
> | \|/
> server server receives packet, sends reply to
> I think this should work.
> Irish Linux Users' Group: ilug at linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription information.
> List maintainer: listmaster at linux.ie
More information about the ILUG