Only a guess, but have you checked to see if your firewall settings are blocking some of your traffic somehow?
--Matt Ross Ephrata School District ----- Original Message ----- From: Jonathan S. Shapiro [mailto:[email protected]] To: [email protected] Sent: Thu, 11 Mar 2010 17:10:38 -0800 Subject: [Efw-user] Destination nat config problem > This is a bit odd, and I'm really not quite sure what I'm doing wrong. > > I'm trying to establish a mapping from public IPs on the RED net to internal > IPs on the ORANGE net as follows: > > 173.160.184.66 => 192.168.1.11 > 173.160.184.67 => 192.168.1.12 > > I've set up destination nat rules for port 80 (HTTP) on both of these using > DNAT Policy "NAT". Traffic from the GREEN network that is directed to any of > these addresses (external or internal on either machine) seems to work fine. > Traffic from the RED NIC to the .67 IP gets translated as expected and works > fine. Traffic from the RED network to the .66 IP does not seem to get > translated. > > In an attempt to figure out what is going on, I logged in to both the server > and the firewall and ran tcpdump against port 80. Traffic to the .67, which > forwards .67=>.12 works exactly as expected. I can see the traffic inbound > on the RED interface, and I can see the corresponding traffic inbound on the > network interface for the .12 machine on the ORANGE net. Traffic to the .66 > can be seen arriving at the NIC on the RED interface, but never makes it to > the incoming NIC for the .11 machine. If I switch tcpdump over to look at > the ORANGE nic, it's clear that the traffic is never making it out the NIC. > > I've looked at the dnat/iptablesdnat file and also the output of iptables -L > -n and iptables -L -t nat -n. Both look plausible to me. > > What else do I need to look at? > ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Efw-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/efw-user
