On 3/13/2019 1:39 PM, Stefan Monnier wrote:
>> IP range on server a: 172.17.232.0/24
>> IP range on server b: 192.168.3.0/24
>
> That's very vague.
> But I'll assume that your "server b" has an address 172.17.232.NN
> on one network interface and 192.168.3.1 on another.
>
>> If I enable MASQUERADING on server b everything works as expected but as
>> soon as I disabled MASQUERADING on server b the hosts behind it don't
>> have internet access for example.
>> What do I need to do on server a to properly MASQUERADE server b?
>
> My guess is that on "server a" you have not set up routing so as to send
> all the 192.168.3.0/24 packets to "server b".
>
> IOW on "server a" you need to do something like
>
> route add -net 192.168.3.0/24 gw 172.17.232.NN
>
Thanks to anyone who has contributed to this question.

By the answers in this thread, I guess I need to explain what I have and what I'm trying to do.

Server a and server b are identical, server a is the internet facing server which has one network behind it (eth1 172.17.232.0/24 and eth0 is the interface connected to the internet), server b is behind server a and connected using the eth0 interface.

Server b is behind server a and is connected to server a through eth0, server b has one network behind it (eth1 192.168.3.0/24).

For now both servers (a and b) are responsible for MASQUERADING the networks behind them. So server a MASQUERADEs 172.17.232.0/24 and server b MASQUERADEs 192.168.3.0/24.

MASQUERADE is only needed on server a.

Does it help understanding what I'm trying to do?

I really appreciate any help/hint.

-- 
John Doe
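The two conditions server a has to meet once server b stops masquerading (a return route to 192.168.3.0/24 via server b, and a MASQUERADE rule whose source match includes that network) can be checked from `ip route` and `iptables-save -t nat` output. The following is an added example, not code from anyone in the thread; the sample outputs are constructed, 172.17.232.2 is a stand-in for the unknown 172.17.232.NN, and the rule parser assumes plain option/value pairs with no `!` negation.

```python
import ipaddress

INNER_NET = ipaddress.ip_network("192.168.3.0/24")  # behind server b (from the thread)
LINK_NET = ipaddress.ip_network("172.17.232.0/24")  # between server a and server b
WAN_IF = "eth0"                                     # server a's internet-facing interface

# Constructed sample output from server a; 172.17.232.2 stands in for 172.17.232.NN.
ROUTES_MISSING = ("default via 203.0.113.1 dev eth0\n"
                  "172.17.232.0/24 dev eth1 proto kernel scope link src 172.17.232.1")
ROUTES_OK = ROUTES_MISSING + "\n192.168.3.0/24 via 172.17.232.2 dev eth1"
NAT_NARROW = "-A POSTROUTING -s 172.17.232.0/24 -o eth0 -j MASQUERADE"
NAT_WIDE = "-A POSTROUTING -o eth0 -j MASQUERADE"

def has_return_route(ip_route_output):
    """True if INNER_NET is routed via a next hop on the a<->b link."""
    for line in ip_route_output.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] != "default" and f[1] == "via":
            net = ipaddress.ip_network(f[0], strict=False)
            if INNER_NET.subnet_of(net) and ipaddress.ip_address(f[2]) in LINK_NET:
                return True
    return False

def masquerades_inner(iptables_save_nat):
    """True if a POSTROUTING MASQUERADE rule on WAN_IF matches INNER_NET sources."""
    for line in iptables_save_nat.splitlines():
        f = line.split()
        if f[:2] != ["-A", "POSTROUTING"] or f[-2:] != ["-j", "MASQUERADE"]:
            continue
        opts = dict(zip(f[2:-2:2], f[3:-2:2]))  # option/value pairs between chain and target
        if opts.get("-o", WAN_IF) != WAN_IF:
            continue
        src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
        if INNER_NET.subnet_of(src):
            return True
    return False

def audit_server_a(routes, nat):
    """List what server a still lacks for hosts behind server b to reach the internet."""
    problems = []
    if not has_return_route(routes):
        problems.append("no route to 192.168.3.0/24 via server b")
    if not masquerades_inner(nat):
        problems.append("MASQUERADE rule does not cover 192.168.3.0/24")
    return problems

if __name__ == "__main__":
    print(audit_server_a(ROUTES_MISSING, NAT_NARROW))
    print(audit_server_a(ROUTES_OK, NAT_WIDE))
```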

