
List:       gauntlet-user
Subject:    Re: Additional IPs and NAT on External NIC
From:       "Steve Loughran" <stevelg () scee ! sony ! co ! uk>
Date:       1999-08-31 14:03:23

> If you are using one to one NAT, i.e. static, you must enable the arp for
> the global IPs on the external NIC.  For example, your external IP is
> 10.10.1.1 while your DMZ host IP is 192.8.8.1 is to be NAT to 10.8.8.1, you
> must enable the arp by issuing the command "arp -s 10.8.8.1 <MAC of external
> NIC> pub".  I might have gotten the sequence wrong.  It could be IP after the
> MAC.

OK, I (well, actually a mate of mine) finally got the additional IPs bound
to the external NIC (using an interface alias) but now I have another
problem. One of the hosts on the DMZ is an ftp server. One of the external
IPs maps to this DMZ IP via NAT. I can connect with ftp to the DMZ ftp
server and log on but the firewall seems to be blocking the 20/tcp ftp-data
traffic coming back out from the DMZ hosts to the external world via the NAT
rules (connection to/from the internal network with no NAT works fine).

For example, if I log in and type `dir`, the internal hosts get the usual
traffic back, but the external hosts stop doing anything once the ftp-data
part of the transfer starts. Any ideas?

--

Steve

-------------------------------------------------
Steve Loughran, SGI/PC IT Manager
Sony Computer Entertainment Europe (Cambridge)
http://camsg001.millennium.co.uk/index.htm
Yamaha YZF1000R Thunderace
Team Waste - Where do you want to go wrong today?
