I am trying to implement 1-to-1 NAT to host several sites and services that are spread across different machines and exposed on different public IPs. I have a range of 15 public IPs to work with. I have set up all the rules in 1-to-1 NAT, but only rules using the first two public IPs work.
ifconfig shows that all of the addresses are being registered. I have only specified the first public IP in the network config, and the rest have only been defined in my NAT rules. I am completely stumped. Should this be working, and assuming so, what am I doing wrong?
Edit: Actually the first 8 IPs work.
Responses (5)
Accepted Answer
It is certainly possible that it is a bug. However, I don't think it will be an obvious one. I have a server that is presently using 12 addresses from a .160 to a .187 area applying 1:1 NAT rules in a Class C network.
One thing to check is that the subnet mask is happening correctly on the upstream router. I would also apply a tcpdump on the port and then watch it; ClearOS may be sending the data just fine but running into a router upstream that is not aware that you have a .240 but thinks you have a .248. One way to test this is to place another machine outside your firewall and then test your 1:1 NAT rules outside of any interference from your ISP.
Accepted Answer
More info: We have a public subnet with a 240 mask. I have determined that 1-to-1 NAT is only working with the first 8 addresses in our subnet. I can create rules for the rest of the addresses, and the IPs will then show in ifconfig, but the forwarding doesn't work. Is this a limitation of 1-to-1 NAT, or is it likely to be a configuration error?
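The mask-mismatch check suggested in the accepted answer, applied to the "first 8 addresses" symptom, as an added example that is not from any poster in this thread: given per-address results from an outside test host, it reports which narrower prefix, if any, explains exactly the addresses that work. The 192.0.2.0/28 block and the working/failing lists are constructed sample values, since the thread does not give the real addresses.

```python
import ipaddress

def infer_upstream_prefix(block, working, failing):
    """List the sub-prefixes of `block` that contain every working address
    and no failing one: the masks an upstream router could be applying."""
    net = ipaddress.ip_network(block)
    ok = [ipaddress.ip_address(a) for a in working]
    bad = [ipaddress.ip_address(a) for a in failing]
    if not ok:
        return []
    matches = []
    # Walk from the configured prefix length down to /30 (widest first).
    for plen in range(net.prefixlen, net.max_prefixlen - 1):
        for sub in net.subnets(new_prefix=plen):
            if all(a in sub for a in ok) and not any(a in sub for a in bad):
                matches.append(str(sub))
    return matches

def diagnose(block, working, failing):
    """Summarise whether the failures line up with a prefix boundary."""
    net = ipaddress.ip_network(block)
    if not failing:
        return "all tested addresses reachable"
    matches = infer_upstream_prefix(block, working, failing)
    if not matches:
        return "failures do not line up with a prefix boundary; mask mismatch unlikely"
    narrow = ipaddress.ip_network(matches[0])
    return f"configured {net.netmask}, results fit {narrow.netmask} ({narrow})"

# Constructed sample: a /28 (mask .240) where only the lower half answers
# when probed from a machine outside the firewall.
BLOCK = "192.0.2.0/28"
WORKING = [f"192.0.2.{i}" for i in range(2, 8)]
FAILING = [f"192.0.2.{i}" for i in range(8, 15)]

if __name__ == "__main__":
    print(diagnose(BLOCK, WORKING, FAILING))
```

A result that fits a single /29 points at the upstream mask rather than the 1-to-1 NAT rules; scattered failures that fit no prefix point back at the local configuration.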