Static NAT and multiple WAN (DSL) ports
05-03-2008, 10:46 AM #1
Pinkel


Hi,

We have a hardware router with 3 ADSL/SDSL lines. The SDSL has a range
of public IP addresses.
We assigned these public IP addresses as DMZ to the hardware router, and
added some of the IPs as secondary IP addresses on the BM's public
interface. Filters have been disabled for testing, and we could ping
the secondary IPs from the internet.
In the next step, we set up a static NAT to a server in the private
LAN, which should be reached from travelling users. Pinging the natted
address from the internet reached the server (seen with Ethereal), but
BM did not set the public IP as the source of the ping reply.
For testing, we set a static route on the BM to the PC on the internet,
using the DMZ as default gateway, which was used for testing, and that
worked fine.
Is there a chance to get the reply from the natted Server back to the
DMZ, where the request came from? Setting static routes isn't possible,
because users come with changing IP addresses.

Detlef



Re: Static NAT and multiple WAN (DSL) ports
05-07-2008, 05:50 PM #2
Automatic Reply

Pinkel,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

Has your problem been resolved? If not, you might try one of the following options:

- Visit http://support.novell.com and search the knowledgebase and/or check all
the other self support options and support programs available.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.novell.com)

Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html

If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.

Good luck!

Your Novell Product Support Forums Team
http://support.novell.com/forums/


Re: Static NAT and multiple WAN (DSL) ports
05-16-2008, 04:15 PM #3
Craig Johnson

In article <Pinkel.38u7an@no-mx.forums.novell.com>, Pinkel wrote:
> Is there a chance to get the reply from the natted Server back to the
> DMZ, where the request came from? Setting static routes isn't possible,
> because users come with changing IP addresses.
>

This is a routing issue, with a possible workaround.

When the BMgr server gets a packet it needs to route, it's going to look
in its routing tables to know which interface to send it from, and which
IP address will be the next hop. Traffic coming inbound will naturally
leave the private interface and route normally to the internal address.
Traffic going back to the internet is another matter.

Traffic from the internet is, naturally, going to have a public IP
address that will not be in the BMgr server's routing tables, unless you
put in a static route. If the destination address for a packet is not
in the BMgr routing table, it will send the packet to the only choice it
has: the default route. Thus, all outbound non-static-nat'd traffic
will end up going out the default route.

I have used, on occasion, a workaround that forces traffic coming in
from one link to go back out that link. If you think of how BMgr
(NetWare) is routing replies to these packets, you realize that the only
way it is going to go back out link B (if link A is the default) is if
the packet actually comes from the address for link B. The way I've
made this happen is to enable dynamic NAT on the link B address. (For
instance, Cisco router with link B, totally different subnet - due to
ISP changeover - from link A. Link A was the default. Enabled NAT with
overload on link B LAN address, and BMgr then saw all packets coming in
from that router as local packets simply coming from the link B LAN
address. So it replied to link B. However, all outbound (non-reply)
traffic to the internet still went out link A. I've also configured a
second internet link for VPN-only usage, but that was no more than a
static route entry.)

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***
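
The routing behaviour described in the reply above, modelled as an added example (not part of the original post and not BorderManager code): a longest-prefix route lookup shows why a reply to an internet client leaves by the default link, and why overload NAT on router B's LAN address brings it back out link B. All addresses, the `RouterB` class and the port-keyed session table are assumptions for illustration, using documentation address ranges.

```python
import ipaddress

# Constructed routing table as the BorderManager server would hold it.
ROUTES = [  # (destination network, next hop, label)
    ("10.0.0.0/24",     None,        "private LAN"),
    ("192.0.2.0/29",    None,        "link A subnet (connected)"),
    ("198.51.100.0/29", None,        "link B subnet (connected)"),
    ("0.0.0.0/0",       "192.0.2.1", "default via router A"),
]
ROUTER_B_LAN = "198.51.100.1"  # assumed LAN address of the link B router

def lookup(dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), label)
               for net, _hop, label in ROUTES
               if addr in ipaddress.ip_network(net)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

class RouterB:
    """Link B router; with overload NAT it hides internet sources behind its LAN address."""
    def __init__(self, nat_overload):
        self.nat_overload = nat_overload
        self.sessions = {}      # translated port -> original (ip, port)
        self.next_port = 40000

    def inbound(self, src_ip, src_port):
        """Return the (source ip, port) the server sees on an inbound packet."""
        if not self.nat_overload:
            return src_ip, src_port
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = (src_ip, src_port)
        return ROUTER_B_LAN, port

    def outbound(self, dst_ip, dst_port):
        """Undo the translation for a reply handed back to this router."""
        return self.sessions.get(dst_port, (dst_ip, dst_port))

def reply_path(client_ip, client_port, nat_overload):
    """Return (route the reply takes, client endpoint restored by router B or None)."""
    router_b = RouterB(nat_overload)
    seen_ip, seen_port = router_b.inbound(client_ip, client_port)
    exit_route = lookup(seen_ip)  # the reply is addressed to the source the server saw
    restored = router_b.outbound(seen_ip, seen_port) if "link B" in exit_route else None
    return exit_route, restored

if __name__ == "__main__":
    print(reply_path("203.0.113.50", 51000, nat_overload=False))
    print(reply_path("203.0.113.50", 51000, nat_overload=True))
```

Without NAT the client's public address matches only `0.0.0.0/0`, so the reply leaves via link A; with overload NAT the source falls inside the connected link B subnet and router B maps the reply back to the original client.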

