Re: NAT from Inside the LAN - Winroute FW 5.0

From: "Chris Wilson" <cdudec@hotmail.com>
Date: Sat, 29 Mar 2003 12:17:47 -0600

Thanks for your help David..

I do have everything configured as you say..

WAN Interface - Using Public Gateway - Mask 255.255.255.240 - 16 address
LAN - No gateway set SNAT to one of the public IP XXX.XXX.XXX.30
    192.168.1.0/24 Network Subnet of 255.255.255.0
DMZ - No gateway set SNAT to one of the public IP XXX.XXX.XXX.29
    10.1.1.0/24 Network Subnet of 255.255.255.0

The only way to ever see the two machines from the LAN to DMZ is to set the
mask to 255.255.255.0

Now if LAN machines have the gateway of that of this Firewall NONE of the
Public address mappings work from the local LAN.. If I set the gateway of
LAN machines to a Linksys, which goes around the firewall and traffic is
going straight to the WAN interface on the firewall, all the mappings work
great.. I'm trying to avoid having to go through the firewall.. I also plan
on putting some gaming services on the DMZ machine.

I'm sure I'm doing something fundamentally wrong but I don't have enough
knowledge to figure out the missing link.. :)

Thanks for your help again David.. :) If you don't mind I can email you a
screen shot of the rules I have within Winroute?

Chris

"David" <davidwnh@adelphia.net> wrote in message
news:fraha.21735$TW2.3161854@news1.news.adelphia.net...
> I'm not all too familiar with Winroute, however normally you would assign
> the Winroute computer's internal LAN address as the gateway address for all
> the internal client machines.
>
> You would also assign your ISP's router as the gateway address of Winroute
> computer's external adapter.
>
> Since you are using several public addresses be sure they were all assigned
> to the Ethernet adapter before you started creating mappings. Make sure you
> don't have NAT enabled on both interfaces because this will disable internet
> sharing. Generally one public address is used for sharing the internet
> connection and then you port map the others for servers or services you want
> available from the internet. If you are only providing limited filtered
> inbound access to client desktops two adapters are fine, however if you are
> providing publicly available servers think about adding a third Ethernet
> adapter to separate these machines from the rest of your LAN in its own DMZ
> subnet.
>
>
> > The problem is that internal traffic using the Firewall as the default
> > gateway doesn't do the NAT rules for the public addresses.
> >
> > I do have the WAN card configured with all the public addresses and the LAN
> > card is configured without a gateway for which I believe the firewall
> > handles the routing?? I don't have any static routes established with the
> > Firewall, not sure if that matters ?
> >
> > Thanks for the help BTW..
> >
> > Chris
> >
> >
> >
> > "David" <davidwnh@adelphia.net> wrote in message
> > news:K70ha.21426$TW2.2961569@news1.news.adelphia.net...
> > > You don't really mention any problem here, but I will guess that your
> > > traffic is not forwarding to the internet from the Winroute box? Do you have
> > > your routing tables and external adapter gateway address set up correctly on
> > > the Winroute box?
> > > "Chris Wilson" <cdudec@hotmail.com> wrote in message
> > > news:v890659vlgf5ef@corp.supernews.com...
> > > > Hello ALL
> > > >
> > > > Need help setting up NAT for my internal addresses.
> > > >
> > > > I have 2 Gateways here. One is a Linksys and the other is the Winroute FW
> > > > 5.0 server.
> > > >
> > > > The problem is that all the NAT rules work when my local machine is pointed
> > > > to the Linksys gateway. When I point my machine to FW it does do the NAT'ing
> > > > for traffic originating from the internal LAN. I had the same problems with
> > > > IPTables as well. What am I missing. I need to get rid of the Linksys and
> > > > would like to use one gateway and still have NAT from internal interfaces.
> > > > ???
> > > >
> > > > Thanks
> > > > Chris
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>


