The puzzle is getting deeper. It looks like destination NAT is working for
all IPs **other than** the .66. I can get the .67, .68, and .69 to forward,
but not the .66. This seems quite strange. If it's relevant, the netmask on
all IPs is /29 (255.255.255.248).

On Thu, Mar 11, 2010 at 5:10 PM, Jonathan S. Shapiro <[email protected]> wrote:

> This is a bit odd, and I'm really not quite sure what I'm doing wrong.
>
> I'm trying to establish a mapping from public IPs on the RED net to
> internal IPs on the ORANGE net as follows:
>
>    173.160.184.66 => 192.168.1.11
>    173.160.184.67 => 192.168.1.12
>
> I've set up destination nat rules for port 80 (HTTP) on both of these using
> DNAT Policy "NAT". Traffic from the GREEN network that is directed to any of
> these addresses (external or internal on either machine) seems to work fine.
> Traffic from the RED NIC to the .67 IP gets translated as expected and works
> fine. Traffic from the RED network to the .66 IP does not seem to get
> translated.
>
> In an attempt to figure out what is going on, I logged in to both the
> server and the firewall and ran tcpdump against port 80. Traffic to the .67,
> which forwards .67=>.12 works exactly as expected. I can see the traffic
> inbound on the RED interface, and I can see the corresponding traffic
> inbound on the network interface for the .12 machine on the ORANGE net.
> Traffic to the .66 can be seen arriving at the NIC on the RED interface, but
> never makes it to the incoming NIC for the .11 machine. If I switch tcpdump
> over to look at the ORANGE NIC, it's clear that the traffic is never making
> it out the NIC.
>
> I've looked at the dnat/iptablesdnat file and also the output of iptables
> -L -n and iptables -L -t nat -n. Both look plausible to me.
>
> What else do I need to look at?
>
>
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
