From: Joseph T W. <jtw...@da...> - 2002-08-24 17:27:28
Hello,

I am running two mail servers that are NAT'ed behind one shorewall firewall (1.3.5b). Everything works well from the outside, but between the two servers there is a little problem. I know that Proxy ARP would be better, I might switch.

Here is the problem. I added the following rules to make the two servers communicate using the real external IP's.

    DNAT lan:10.1.1.0/24 lan:10.1.1.1 tcp 0:65535 - 12.23.34.3:10.1.1.5
    DNAT lan:10.1.1.0/24 lan:10.1.1.1 udp 0:65535 - 12.23.34.3:10.1.1.5
    DNAT lan:10.1.1.0/24 lan:10.1.1.2 tcp 0:65535 - 12.23.34.4:10.1.1.5
    DNAT lan:10.1.1.0/24 lan:10.1.1.2 udp 0:65535 - 12.23.34.4:10.1.1.5

where 12.23.34.3 and 12.23.34.4 are the real IP's that are NAT'ed to servers 10.1.1.1 and 10.1.1.2, and 10.1.1.5 is the internal IP for my firewall. This does work with short connections. But if one mail server sends the other a large email, the transfer slows to a crawl. It eventually completes, but why this behavior??

-- 
Regards
Joseph
http://www.datakota.com