Re: Only using masquerading on internet facing server

On 2019-03-14 08:26, john doe wrote:
On 3/13/2019 1:39 PM, Stefan Monnier wrote:
Ip range on server a:
IP range on server b:

That's very vague.
But I'll assume that your "server b" has an address 172.17.232.NN
on one network interface and on another.

If I enable MASQUERADING on server b everything works as expected but as
soon as I disabled MASQUERADING on server b the hosts behind it don't
have internet access for example.
What do I need to do on server a to properly MASQUERADE server b?

My guess is that on "server a" you have not set up routing so as to send
all the packets to "server b".

IOW on "server a" you need to do something like

    route add -net gw 172.17.232.NN

Thanks to anyone who has contributed to this question.

By the answers in this thread, I guess I need to explain what I have and
what I'm trying to do.

Server a and server b are identical, server a is the internet facing
server which has one network behind it (eth1 and eth0 is
the interface connected to the internet), server b is behind server a
and connected using the eth0 interface.
Server b is behind server a and is connected to server a through eth0,
server b has one network behind it (eth1

For now both servers (a and b) are responsible for MASQUERADING the
networks behind them.
So server a MASQUERADEs and server b MASQUERADEs

MASQUERADE is only needed on server a.

Does it help understanding what I'm trying to do?

I really appreciate any help/hint.

John Doe

Put IPFire or pfSense on server a; they've got GUIs for sorting out that stuff.
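
The single-NAT layout discussed in this thread, as an added example that is not part of any poster's message: server a routes the inner network via server b and is the only box that MASQUERADEs, while server b only forwards. The addresses, the /24 masks and the function names are constructed placeholders (the thread does not give the ranges), and the script is a dry run that prints commands and checks a sample routing table without changing anything.

```shell
#!/bin/sh
# Dry run: prints commands for review, executes nothing.
# Constructed placeholders (the thread does not give these values):
B_ADDR=172.17.232.2     # server b's eth0 address, the thread's 172.17.232.NN
B_LAN=192.0.2.0/24      # network behind server b (its eth1)
WAN_IF=eth0             # internet-facing interface on server a

# Server a: forward, route the inner LAN via server b, NAT once on the way out.
server_a_cmds() {       # args: b_addr b_lan wan_if
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "ip route add $2 via $1"
    echo "iptables -t nat -A POSTROUTING -o $3 -j MASQUERADE"
}

# Server b: plain router, forwarding only. The -D line assumes the existing
# rule was added in exactly this form on b's uplink interface.
server_b_cmds() {       # args: uplink_if
    echo "sysctl -w net.ipv4.ip_forward=1"
    echo "iptables -t nat -D POSTROUTING -o $1 -j MASQUERADE"
}

# Check on server a: does `ip route show` output (stdin) carry the return route?
# Without it, replies for un-NATed inner hosts never get back to server b.
has_return_route() {    # args: b_lan b_addr
    while read -r dst kw gw rest; do
        [ "$dst" = "$1" ] && [ "$kw" = via ] && [ "$gw" = "$2" ] && return 0
    done
    return 1
}

# Constructed sample of server a's routing table after the change.
SAMPLE_ROUTES="default via 203.0.113.1 dev eth0
172.17.232.0/24 dev eth1 proto kernel scope link src 172.17.232.1
$B_LAN via $B_ADDR dev eth1"

echo "# on server a"; server_a_cmds "$B_ADDR" "$B_LAN" "$WAN_IF"
echo "# on server b"; server_b_cmds eth0
if printf '%s\n' "$SAMPLE_ROUTES" | has_return_route "$B_LAN" "$B_ADDR"; then
    echo "# return route present"
else
    echo "# return route missing"
fi
```

On the real server a, feed the check with `ip route show | has_return_route <inner-net> <server-b-address>` before removing the MASQUERADE rule on server b.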


