From: Cedric C. <cch...@te...> - 2006-02-07 22:31:46
Hello,

Shorewall-3.0.3
RH9 (+legacy updates)

eth0: loc: 192.168.1.0/24
eth0:0: loc: 192.168.20.0/24
eth1:: 69.70.32.8/29

I've worked all day on an issue I found today and I just can't find a way to fix my problem.

So, basically, for now, my network looks like this:

        Internet
           ^
           |
    (69.70.32.8/29)
        Firewall
      192.168.1.1
           ^
           |
    LAN/Servers (192.168.1.0/24)

So, servers are NATed (DNAT) from my external static IPs to my LAN, this works fine.

I use a SNAT for my outgoing traffic to go out on the internet using 69.70.32.10. This works fine.

I need to masq my own LAN to my firewall to be able to use the DNAT of my external IPs inside my LAN. This works fine for now, but this is my problem.

I want to add a new subnet (in a virtual interface of my LAN on the firewall), 192.168.20.0/24.

Everything's set up, but I get a problem: when I am connecting from 192.168.1.0/24 to 192.168.20.0/24 (or vice versa), I am masqueraded as the interface of this network of the firewall (ssh 192.168.20.3 from 192.168.1.109 is seen as coming from 192.168.20.1). This causes problems and I just want this subnet to be routed internally with nothing more.

I included my config files and my status (status.txt) in the mail, but my masq contains this:

    #INTERFACE   SUBNET   ADDRESS        PROTO   PORT(S)   IPSEC
    eth1         eth0     69.70.32.10
    eth0         eth0

(eth0 eth0) looks weird, but it's the only way I found to be able to talk to my nat from the eth1 network from the LAN.

If I remove this line, I get what I want, being routed normally inside, but I can't talk to my dnat from my /29 on the internet.

I tried to put things in and out from the hosts file, but it doesn't change anything.

So now I am asking for your help! ;)

Thanks a lot!

--
Cédric Charest
Administrateur de Systèmes / System Administrator
Terrascale Technologies Inc.