<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3243" name=GENERATOR></HEAD>
<BODY>
<DIV><FONT face=Arial size=2><SPAN class=254593904-17042008>Hi
There...</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=254593904-17042008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=254593904-17042008>We have an SSG
gateway where we put customers who have not paid their bill.
</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=254593904-17042008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=254593904-17042008><SPAN
class=254593904-17042008>Customer -> LNS-SSG -> CORE (with SLB config on
it) -> DNS Server Farm (dns_server1 &
dns_server2)</SPAN></SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN class=254593904-17042008><SPAN
class=254593904-17042008></SPAN></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=254593904-17042008>Customers connect
via PPP and are tunneled across to our LNS-SSG router and get assigned a
172.16.x.x address. From there, if they try to browse to anywhere, they
land on a page which tells them that their payment is overdue. To add to this,
we have dns servers load balanced using an SLB as seen in the diagram above.
Obviously, when a late paying customer tries to go to a web site, a DNS lookup is
performed by querying one of the REAL dns servers behind the SLB. The
customers never know about the REAL dns servers behind the SLB and simply set
their dns server to the IP address of the SLB.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=254593904-17042008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=254593904-17042008>My question is - do
we need to enable NAT on the SLB for customers with 172.16.x.x addresses to be
able to reach the REAL dns servers behind the SLB (bearing in mind that these
private IPs are distributed through our network using OSPF and are reachable)?
What I'm finding is that customers who are assigned a 172.16.x.x IP
address cannot do a DNS lookup when they have their dns
server set as the IP address of the SLB. But if I change their dns server
to be one of the REAL dns servers, dns queries are resolved and they get
the correct page displayed telling them their account is locked.
</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=254593904-17042008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN class=254593904-17042008>So I'm a bit lost if
we need to apply NAT to the SLB config and why this would be necessary because
all this routing is done within our own network.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=254593904-17042008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=254593904-17042008>Cheers.</SPAN></FONT></DIV>
<DIV><FONT face=Arial size=2><SPAN
class=254593904-17042008></SPAN></FONT> </DIV>
<DIV><FONT face=Arial size=2><SPAN
class=254593904-17042008>Andy</SPAN></FONT></DIV></BODY></HTML>