[f-nsp] NAT / routing /IP fwd issue

elliot moore elliot at devnull.org.uk
Mon Dec 6 12:37:09 EST 2004


Hello!
I have an 8-port ServerIron XL (forwarding traffic to/from multiple 
subnets in separate broadcast domains).

(For this email, I substitute my real ip range with aa.bb.cc.0/27)

Setup
====
vlan1 - public IPs    aa.bb.cc.0/27     - ve1
vlan2 - private IPs   10.0.0.0/24       - ve2
vlan3 - private IPs   192.168.0.0/24    - ve3
The server-iron is the default gateway for hosts on both private 
networks.

It load-balances traffic from 10.0.0.0/24 to 192.168.0.0/24,
and aa.bb.cc.0/27 -> 10.0.0.0/24,
and aa.bb.cc.0/27 -> 192.168.0.0/24.


Problem
=======
I NAT a host 192.168.0.15, to a public IP, so it can have Internet 
access.

My problem is that the server-iron also NATs 192.168.0.15 when it 
connects with the 10.0.0.0 network, resulting in a source address of 
aa.bb.cc.10.
The same happens if I give a public host NAT mapping to a host in the 
10.0.0.0 network: if it then connects with a host in the 192.168.0.0 
network, it is also NATted with a public address.

Is there a way I can configure the server-iron to only NAT for access to 
0.0.0.0 (Internet access) and not 10.0.0.0/192.168.0.0?


Thanks in advance!
ells..




helpful config extracts ?
=================

SW: Version 07.3.03T12

#sh ip route
     Destination       NetMask           Gateway           Port   Cost   Type
1    10.0.0.0          255.255.255.0     0.0.0.0           Ve 2   1      D
2    aa.bb.cc.0        255.255.255.224   0.0.0.0           Ve 1   1      D
3    192.168.0.0       255.255.255.0     0.0.0.0           Ve 3   1      D
4    0.0.0.0           0.0.0.0           aa.bb.cc.1        Ve 1   1      S

ip forward
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip nat  inside source static 192.168.0.15 aa.bb.cc.10


