Re: Only using masquerading on internet facing server
- Date: Thu, 14 Mar 2019 08:38:46 +0000
- From: mick crane <mick.crane@xxxxxxxxx>
- Subject: Re: Only using masquerading on internet facing server
On 2019-03-14 08:26, john doe wrote:
put ipfire or pfsense on server a, they've got Guis for sorting out that
On 3/13/2019 1:39 PM, Stefan Monnier wrote:
Ip range on server a: 172.17.232.0/24
IP range on server b: 192.168.3.0/24
That's very vague.
But I'll assume that your "server b" has an address 172.17.232.NN
on one network interface and 192.168.3.1 on another.
If I enable MASQUERADING on server b everything works as expected but
soon as I disabled MASQUERADING on server b the hosts behind it don't
have internet access for example.
What do I need to do on server a to properly MASQUERADE server b?
My guess is that on "server a" you have not setup routing so as to
all the 192.168.3.0/24 packets to "server b".
IOW on "server a" you need to do something like
route add -net 192.168.3.0/24 gw 172.17.232.NN
Thanks to anyone who has contributed to this question.
By the answers in this thread, I guess I need to explane what I have
what I'm trying to do.
Server a and server b are identical, server a is the internet facing
server which has one network behind it (eth1 172.17.232.0/24 and eth0
the interface connected to the internet), server b is behind server a
and connected using the eth0 interface.
Server b is behind server a and is connected to server a through eth0,
server b has one network behind it (eth1 192.168.3.0/24).
For now both server (a and b) are responsible for MASQUERADING the
networks behind them.
So server a MASQUERADEs 172.17.232.0/24 and server b MASQUERADEs
MASQUERADE is only needed on server a.
Does it help understanding what I'm trying to do?
I really appriciate any help/hint.
Key ID 4BFEBB31