Web lists-archives.com

Re: Only using masquerading on internet facing server




On Thursday, March 14, 2019 04:26:06 AM john doe wrote:
> By the answers in this thread, I guess I need to explane what I have and
> what I'm trying to do.

As someone observing from the peanut gallery, it would help me if the 
explanation was a little less detailed -- sort of an overview.

Let me make a guess, using maybe some acronyms (which I should probably try to 
avoid).

I'm guessing that you have a private LAN (192.168.3.0) behind server b, with 
no direct connection to the Internet.  

Ahead of that, to provide a connection to the Internet, you have server A.

The combination of the two is intended to create a DMZ (iirc) -- a place where 
you can put computers / servers that are more accessible from outside the LAN.

Close???






> 
> Server a and server b are identical, server a is the internet facing
> server which has one network behind it (eth1 172.17.232.0/24 and eth0 is
> the interface connected to the internet), server b is behind server a
> and connected using the eth0 interface.
> Server b is behind server a and is connected to server a through eth0,
> server b has one network behind it (eth1 192.168.3.0/24).
> 
> For now both server (a and b) are responsible for MASQUERADING the
> networks behind them.
> So server a MASQUERADEs 172.17.232.0/24 and server b MASQUERADEs
> 192.168.3.0/24.
> 
> MASQUERADE is only needed on server a.
> 
> Does it help understanding what I'm trying to do?
> 
> I really appriciate any help/hint.
> 
> --
> John Doe