Re: NAT

From: Brian (signal@shreve.net)
Date: Fri Jul 07 2000 - 23:34:08 EDT


Well, I don't know what type of interfaces, etc., you are using, but it would
go along the lines of this. I am going to assume that 206.132.75.0/24 is
your Ethernet netblock, which is routable IP space, that 172.16.2.0/24
is what you're using for RFC 1918 space, and that your router is at .1 on
both networks. I am putting them both on one interface, but you could be
using two different Ethernet interfaces for the two networks. Also, you
may or may not have an unnumbered serial interface (or a serial interface
for that matter):

ip nat pool mailserver 206.132.75.196 206.132.75.196 netmask 255.255.255.0
ip nat inside source list 10 pool mailserver overload
!
!
interface Ethernet0
 ip address 172.16.2.1 255.255.255.0 secondary
 ip address 206.132.75.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip unnumbered Ethernet0
 ip nat outside
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
access-list 10 permit 172.16.2.22 0.0.0.0
access-list 10 permit 172.16.2.23 0.0.0.0

On Fri, 7 Jul 2000, The Green Avenger wrote:

> No. These mail servers handle outgoing mail only.
>
> Unfortunately, I find the Cisco docs on NAT a bit more opaque than you do.
> What would be the syntax of the nat command that would map two specific
> internal IPs to one external one?
>
> -Marc
>
> On Fri, 7 Jul 2000, Brian wrote:
>
> >
> > As far as your "examples" go, I don't see where a whole lot of NAT magic
> > is needed. Yes, you can have the two inside IPs translate to the single
> > external IP..........that is not a problem. Then regardless of which
> > server "originates" a connection, the outside world is only going to be
> > aware of the "outside" IP of 206.132.75.196.........and so as long as the
> > PTR is correct, then it will be fine.
> >
> > In your examples you only talked of the "inside" addresses originating
> > connections to mailservers. Will you also want incoming connections
> > originated from the outside, to sort of round-robin balance between the
> > two inside addresses a la "server load balancing"??
> >
> > Brian
> >
> >
> > On Fri, 7 Jul 2000, The Green Avenger wrote:
> >
> > > I have a NAT question for everyone. I am wondering if it is possible to
> > > statically map a single external (world-routable) IP address to more than
> > > one specific internal (unroutable) IP address. That is, can I configure
> > > our router to translate the traffic from 172.16.2.22 and 172.16.2.23 to
> > > 206.132.75.212?
> > >
> > > The reason I would want to do this is so that I can install mail servers
> > > that identify themselves with the same name on the two machines on the 172
> > > network, and that will resolve correctly when a remote mail server does a
> > > reverse lookup.
> > >
> > > Fig 1:
> > >
> > > IP: 172.16.2.22
> > > sysname: mail001.example.com
> > > mailer name: mailer.example.com
> > > +---------+           |           NAT IP: 206.132.75.196
> > > |         |           |           A RR: mailer.example.com
> > > | mail001 +-----------+           PTR RR: mailer.example.com
> > > |         |           |           +---------+
> > > +---------+           |           |         |
> > >                       +-----------+  rtr 1  |
> > > +---------+           |           |         |
> > > |         |           |           +---------+
> > > | mail002 +-----------+
> > > |         |           |
> > > +---------+           |
> > > IP: 172.16.2.23
> > > sysname: mail002.example.com
> > > mailer name: mailer.example.com
> > >
> > >
> > > For example, suppose mail001 originates a connection to mx.cisco.com and
> > > identifies itself as mailer.example.com. mx.cisco.com identifies that this
> > > connection is coming from mailer.example.com at IP 206.132.75.196. Being
> > > a well-configured mailer, mx.cisco.com does a reverse DNS lookup to verify
> > > that the PTR resource record for 206.132.75.196 maps to
> > > mailer.example.com. It does, and mx.cisco.com takes the mail. A moment
> > > later, mail002 originates a connection to mx.cisco.com and identifies
> > > itself as mailer.example.com. mx.cisco.com again identifies that this
> > > connection is coming from mailer.example.com at IP 206.132.75.196. It
> > > checks the PTR again, and it matches, and it takes the mail.
> > >
> > > Is this configuration possible with Cisco's implementation of NAT? I know
> > > of other NAT implementations that would support this configuration. (The
> > > mailer configuration is not a problem.)
> > >
> > > Thanks a bunch,
> > > Marc
> > >
> >
> > -----------------------------------------------------
> > Brian Feeny (BF304) signal@shreve.net
> > 318-222-2638 x 109 http://www.shreve.net/~signal
> > Network Administrator ShreveNet Inc. (ASN 11881)
> >
>

-----------------------------------------------------
Brian Feeny (BF304) signal@shreve.net
318-222-2638 x 109 http://www.shreve.net/~signal
Network Administrator ShreveNet Inc. (ASN 11881)
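A small model of what the "ip nat inside source list 10 pool mailserver overload" line in Brian's config does, added here as an illustration; it is not code from the thread or from Cisco. It shows the two permitted inside hosts sharing the one pool address with per-flow port state, an unlisted host passing untranslated, and the absence of any mapping for unsolicited inbound traffic (the point of Brian's earlier question about incoming connections). The port allocator (start at 1024, keep the original port when free) and the remote MX address 192.0.2.25 are assumptions.

```python
# Added example (not from the thread): a minimal model of the IOS overload (PAT)
# translation set up by "ip nat inside source list 10 pool mailserver overload".
# Two inside hosts share one outside address; the router keeps per-flow state
# and tells return traffic apart by the translated source port.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

NAT_POOL = "206.132.75.196"                # pool "mailserver" (from the posted config)
ACL_10 = {"172.16.2.22", "172.16.2.23"}    # access-list 10 permit ... (from the config)

@dataclass
class OverloadNat:
    pool_ip: str
    permit: Set[str]
    next_port: int = 1024                  # assumed allocator start; IOS picks its own
    inside_to_out: Dict[Tuple[str, int, str, int], int] = field(default_factory=dict)
    out_to_inside: Dict[Tuple[int, str, int], Tuple[str, int]] = field(default_factory=dict)

    def outbound(self, src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> Tuple[str, int]:
        """Translate an inside->outside packet; sources not matched by ACL 10 pass untouched."""
        if src_ip not in self.permit:
            return src_ip, src_port
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.inside_to_out:
            # Keep the original source port if free (as PAT tries to); otherwise
            # allocate a fresh one so both hosts may use the same source port.
            port = src_port
            while (port, dst_ip, dst_port) in self.out_to_inside:
                port, self.next_port = self.next_port, self.next_port + 1
            self.inside_to_out[key] = port
            self.out_to_inside[(port, dst_ip, dst_port)] = (src_ip, src_port)
        return self.pool_ip, self.inside_to_out[key]

    def inbound(self, dst_port: int, src_ip: str, src_port: int) -> Optional[Tuple[str, int]]:
        """Reverse-translate a packet sent to the pool address; None when no flow state exists."""
        return self.out_to_inside.get((dst_port, src_ip, src_port))

def demo():
    """Both mail servers open SMTP to a remote MX (192.0.2.25 is a constructed sample)."""
    nat, mx = OverloadNat(NAT_POOL, ACL_10), "192.0.2.25"
    a = nat.outbound("172.16.2.22", 40000, mx, 25)   # first flow keeps port 40000
    b = nat.outbound("172.16.2.23", 40000, mx, 25)   # same port already in use: gets 1024
    c = nat.outbound("172.16.2.50", 40000, mx, 25)   # not in ACL 10: untranslated
    reply = nat.inbound(1024, mx, 25)                # MX reply is handed back to mail002
    unsolicited = nat.inbound(5555, mx, 25)          # no state: overload gives no inbound map
    return a, b, c, reply, unsolicited
```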



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:14 EDT