Hi to all.
I have installed a Debian woody firewall with kernel 2.4.6 and iptables.
I have two ethernet NICs (one fast ethernet eth0 - 172.16.242.1/16 and
one Gigabit - Sysconnect - eth1 - 192.168.1.131/24 attached to a
CISCO 6009 VLAN).
The first NIC is attached to a wide B class 172.16.0.0/16 interconnected
via various HUBs. I don't know anything else about this LAN because I
don't administer it.
The second NIC is attached to my private LAN through the CISCO 6009 and its
VLANs. In it there are web servers, media servers and so on. I
administer it.
The problem is with NAT.
My web servers have the cluster address of 192.168.1.110/24. I have to
NAT this private address to the 172.16.0.0/16 LAN. So I have made:
iptables -A PREROUTING -t nat -d 172.16.242.6 -i eth0 -j DNAT
--to-destination 192.168.1.110
So in 172.16.0.0/16 my web servers are known as 172.16.242.6.
Well, if I ping 172.16.242.6 from my Linux client
(172.16.241.10/16) I don't see anything.
If I add this line to my Linux client
route add -net 172.16.242.0/24 gw 172.16.242.1
and I ping 172.16.242.6 I see
64 bytes from 172.16.242.6: icmp_seq=40 ttl=126 time=1.0 ms
64 bytes from 172.16.242.6: icmp_seq=40 ttl=126 time=1.1 ms (DUP!)
64 bytes from 172.16.242.6: icmp_seq=41 ttl=126 time=1.0 ms
64 bytes from 172.16.242.6: icmp_seq=41 ttl=126 time=1.1 ms (DUP!)
64 bytes from 172.16.242.6: icmp_seq=42 ttl=126 time=1.0 ms
64 bytes from 172.16.242.6: icmp_seq=42 ttl=126 time=1.1 ms (DUP!)
64 bytes from 172.16.242.6: icmp_seq=43 ttl=126 time=2.9 ms
(the DUP! is because my stupid Windows web servers with Network Load
Balancing are two physical servers)
If I remove the routing line
route del -net 172.16.242.0/24 gw 172.16.242.1
my ping doesn't work.
Obviously I can't add this routing line to all hosts in 172.160.0.0/16,
so how can I solve this problem?
I repeat that all hosts in the 172.16.0.0/16 class are directly connected
via various HUBs.
Thanks a lot
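The symptom above (the DNAT works only once a client is told to route 172.16.242.0/24 via the firewall) matches a DNAT target that sits inside eth0's own on-link /16: neighbours ARP for 172.16.242.6 directly, and no interface owns that address, so the frames never reach the firewall. The script below is an added example, not from the original post; it checks that condition with the post's addresses and prints a rule set in which the firewall takes ownership of the public address and forwards only the service port (POSIX sh with awk assumed; the `dnat_plan` helper name is mine).

```shell
#!/bin/sh
# Added example. Diagnoses whether a DNAT'd address is on-link for the
# outside NIC (so LAN hosts ARP for it) and prints the commands needed.

# Convert a dotted quad to an unsigned 32-bit integer.
ip4_to_int() {
    echo "$1" | awk -F. '{ printf "%.0f\n", $1*16777216 + $2*65536 + $3*256 + $4 }'
}

# Netmask for a prefix length 0..32, as an integer.
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# on_link ADDR IFADDR/PLEN: succeeds when ADDR lies inside the interface
# prefix, i.e. when neighbours ARP for it instead of routing via a gateway.
on_link() {
    a=$(ip4_to_int "$1")
    n=$(ip4_to_int "${2%/*}")
    m=$(prefix_mask "${2#*/}")
    [ $(( a & m )) -eq $(( n & m )) ]
}

# dnat_plan PUBLIC IFACE IFADDR/PLEN INTERNAL PORT: prints the commands that
# make the DNAT reachable; only the service port is forwarded.
dnat_plan() {
    pub=$1; dev=$2; ifaddr=$3; internal=$4; port=$5
    if on_link "$pub" "$ifaddr"; then
        # Own the address so the firewall answers ARP for it on the LAN side.
        echo "ip addr add $pub/32 dev $dev"
    else
        echo "# $pub is off-link for $dev: the LAN's routers must send it to ${ifaddr%/*}"
    fi
    echo "iptables -t nat -A PREROUTING -i $dev -d $pub -p tcp --dport $port -j DNAT --to-destination $internal"
    echo "iptables -A FORWARD -i $dev -d $internal -p tcp --dport $port -m state --state NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -o $dev -s $internal -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "# $internal must use this firewall as its default gateway, or replies bypass conntrack untranslated"
}

# Addresses from the post: public 172.16.242.6 on eth0 (172.16.242.1/16),
# internal cluster 192.168.1.110, HTTP.
dnat_plan 172.16.242.6 eth0 172.16.242.1/16 192.168.1.110 80
```

The first printed line is `ip addr add 172.16.242.6/32 dev eth0`, which is what replaces the per-client `route add` from the post; the `ip addr` form also works with an `ifconfig eth0:0` alias on a woody-era system.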