This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Virtual Address

I hope someone has encountered this.
Client of mine has 28 IP address, all of them running port 80 for the webservers but going out through one NIC (Network Interface Card).
Astaro firewall only resolves the first address on the NIC card.
Example 1
10.0.0.3 Port 80 Primary NIC

This thread was automatically locked due to age.

Parents

0 Michael Ziegler over 23 years ago

could you please give a more precise description of your problem ... [:S]

bye,
michael
Cancel
Vote Up 0 Vote Down

Cancel
0 E. Winkler over 23 years ago in reply to Michael Ziegler

Sure,
I have my firewall setup with 3 NIC's
LAN 10.0.0.1
DMZ 192.168.x.x
WAN 142.x.x.x

I have a Sun Solaris Server with 1 Network Card
hme0 10.0.0.3
This interface has 28 virtual ip address attached.
hme0:1 10.0.0.4
hme0:2 10.0.0.5
hme0:3 10.0.0.6
And so on...
I setup my DNAT rules as follows:
reg_ext HTTP  reg_int HTTP
My Packet Filter rules is as follows:
Any HTTP reg_int Allow
Now: The first address 10.0.0.3 works fine, but all of its virtual address don't translate.  I do not understand why ?
Hope to hear from you soon,
Emerich

quote:
Originally posted by Michael Ziegler:
could you please give a more precise description of your problem ...    [:S]

bye,
michael
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 E. Winkler over 23 years ago in reply to Michael Ziegler

Sure,
I have my firewall setup with 3 NIC's
LAN 10.0.0.1
DMZ 192.168.x.x
WAN 142.x.x.x

I have a Sun Solaris Server with 1 Network Card
hme0 10.0.0.3
This interface has 28 virtual ip address attached.
hme0:1 10.0.0.4
hme0:2 10.0.0.5
hme0:3 10.0.0.6
And so on...
I setup my DNAT rules as follows:
reg_ext HTTP  reg_int HTTP
My Packet Filter rules is as follows:
Any HTTP reg_int Allow
Now: The first address 10.0.0.3 works fine, but all of its virtual address don't translate.  I do not understand why ?
Hope to hear from you soon,
Emerich

quote:
Originally posted by Michael Ziegler:
could you please give a more precise description of your problem ...    [:S]

bye,
michael
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 ollion over 23 years ago in reply to E. Winkler

Hello,

are you sure that your server responds
with the correct alias IP address?
You could copy tcpdump onto your firewall
to sniff what happens :-)

regards
ollion
Cancel
Vote Up 0 Vote Down

Cancel
0 Michael Ziegler over 23 years ago in reply to ollion

hi emerich,

ok, you also have (at least) 28 public IPs ? and they are set up as VIPs on your external interface ? and you have a dnat rule for every public IP ?

example:
142.1.1.2:80 --> 10.0.0.2:80
142.1.1.3:80 --> 10.0.0.3:80
142.1.1.4:80 --> 10.0.0.4:80
...

bye,
michael
Cancel
Vote Up 0 Vote Down

Cancel
0 Orjan Sandland over 23 years ago in reply to Michael Ziegler

Michael, after reading/responding to a different post from E.Winkler, I suspect that he does not have 28 public addresses.
If he had, he should probably use proxy ARP instead of extensive aliasing and DNATing.

Best regards
Ørjan Sandland
Cancel
Vote Up 0 Vote Down

Cancel