ASL 1.920 - DNAT and IP alias

I'm attempting to configure DNAT with an IP alias on the external firewall interface to allow ftp access to a host on the private LAN.

The IP address of the external interface is 62.64.63.2, the IP address I want to use for FTP is 62.64.63.3. I have configured the additonal IP address on the external interface and rules which allow FTP access from ANY to my internal FTP server.

When I attempt to ftp to 62.64.63.3 I get "connection refused". However if I reconfigure DNAT to use the 62.64.63.2 address to connect to my FTP server then it works. I can ping the 62.64.63.3 address successfully.

Am I missing something obvious ?

[ 13 July 2001: Message edited by: johna ]

Parents

0 Haendchen over 23 years ago

I'm using a similar configuration with the 1.822 ASL. Our ISP has configured his router to forward packets for the "additional" external IP to our "real" external IP, and I have set the DNAT and packet filter rules accordingly. It works fine for me!

Haendchen
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Haendchen over 23 years ago

I'm using a similar configuration with the 1.822 ASL. Our ISP has configured his router to forward packets for the "additional" external IP to our "real" external IP, and I have set the DNAT and packet filter rules accordingly. It works fine for me!

Haendchen
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 tom_01 over 23 years ago in reply to Haendchen

so when you DNAT the .3 to the FTP it does not work ? and it works when you DNAT the .2 ?

please recheck the DNAT and packet filter rules. [:)]

/tom
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 John Agnew over 23 years ago in reply to tom_01

The netmask in the IP alias was wrong (it should have been 255.255.255.255). Once I changed this all worked as expected.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel