1. Home
  2. Networking Firewalls
  3. DNAT and SNAT ???

DNAT and SNAT ???

Hi all! I have an issue . To explain it i first give you a brief map of my lan. I have a router/modem and a linuxbox acting as firewall/gayeway two nics. Behind the linuxbox i have some backend servers and a windows client machine,network 172.16.0.0/24. The router is also an access point for wireless clients (network

192.168.0.0/24) and i want these clients to connect to the backend servers behind the linuxbox and the other way round. [wifi][router]---[linuxbox.gw]---[server1][server2]server3] I know it sounds average but i can't get it to work , help please! Thanks !

Gab

Reply to
Gab
Loading thread data ...

Am Mon, 05 Jan 2009 03:43:41 -0800 schrieb Gab:

Did you enable ip forward?

Show you routing table from linuxbox.gw and router.

Reply to
Burkhard Ott

Am Mon, 05 Jan 2009 13:17:29 +0100 schrieb Gab:

Which machine knows the route to 172.16.0.0/24? Is it 192.168.1.1?

Can you see packets from your wifi clients (use tcpdump)? Usually your packet flow from 10.0.0.0/8 goes straight over eth2 and if the target ip is not within 192.168.1.0./24 then all packets are routed via 192.168.1.1 if you have enabled ip_forward.

cheers

Reply to
Burkhard Ott

[...]

Now, did you?

Assuming that eth0 is the interface towards the router and eth2 is the interface towards the LAN:

a) You don't have a route to the network 172.16.0.0/24 which you said was the range used by your LAN. Check your IP configuration for eth2. b) Your Linux box sits between two private networks run by yourself, so it doesn't need to do NAT anyway. Simply route the traffic and be done with it. Only your border router has to do NAT for packets going to/coming from the Internet.

cu

59cobalt
Reply to
Ansgar -59cobalt- Wiechers

Ref =A0Use Iface

=A0 =A00 =A0 =A0 =A00 eth0

0 =A0 =A0 =A00 =A0 =A0 =A00 eth2

=A0 =A0 =A00 =A0 =A0 =A00 eth0

I have put fakes ips in the fist post what i missed to do in the second post of my routing table , sorry !. What you made me think is my applied 'double nat' which hasn't got much sense ... i will let update you on all progresses , thanks ! Gab

Reply to
Gab

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.