[f-nsp] NAT / routing /IP fwd issue
elliot moore
elliot at devnull.org.uk
Mon Dec 6 12:37:09 EST 2004
Hello!
I have an 8-port ServerIron XL (forwarding traffic to/from multiple
subnets in separate broadcast domains).
(For this email, I substitute my real IP range with aa.bb.cc.0/27)
Setup
====
vlan1 - public IPs aa.bb.cc.0/27 - ve1
vlan2 - private IPs 10.0.0.0/24 - ve2
vlan3 - private IPs 192.168.0.0/24 - ve3
The server-iron is the default gateway for hosts on both private
networks.
It load-balances traffic from 10.0.0.0/24 to 192.168.0.0/24
and aa.bb.cc.0/27 -> 10.0.0.0/24
and aa.bb.cc.0/27 -> 192.168.0.0/24
Problem
=======
I NAT a host, 192.168.0.15, to a public IP, so it can have Internet
access.
My problem is that the server-iron also NATs 192.168.0.15 when it
connects with the 10.0.0.0 network, resulting in a source address of
aa.bb.cc.10.
The same happens if I give a public host NAT mapping to a host in the
10.0.0.0 network. If it then connects with a host in the 192.168.0.0
network, it is also NATted with a public address.
Is there a way I can configure the server-iron to only NAT for access to
0.0.0.0 (Internet access) and not 10.0.0.0/192.168.0.0?
Thanks in advance!
ells..
helpful config extracts ?
=================
SW: Version 07.3.03T12
#sh ip route
    Destination   NetMask           Gateway      Port   Cost  Type
1   10.0.0.0      255.255.255.0     0.0.0.0      Ve 2   1     D
2   aa.bb.cc.0    255.255.255.224   0.0.0.0      Ve 1   1     D
3   192.168.0.0   255.255.255.0     0.0.0.0      Ve 3   1     D
4   0.0.0.0       0.0.0.0           aa.bb.cc.1   Ve 1   1     S
ip forward
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip nat inside source static 192.168.0.15 aa.bb.cc.10