Hello,
I'm new with Astaro (using 3.207), and till today everything worked
fine and I was happy to be able to quickly build iptables-based
firewalls...
Now I hope somebody can help me to solve a problem with DNAT that I have to use in a bit unusual (?) way: the servers which have to be found via DNAT are not in my Astaro-protected network.
Here is a short description of the network-topology:
'My Network' with public IP a.b.c.0/23 is connected to 'Network X' with private IP 10.0.0.0/8 via 'Astaro-Fw 1'. 'Servers' with IP's 10.21.1.21, 22, 23, 24 are in 'Network X'. 'My Network' is a subnet of and via 'Astaro-Fw 2' connected to 'Campus-Network' having public IP a.b.0.0/16.
It's no problem to work with 'Servers' from inside 'My Network' via 'Astaro-FW 1' using masquerading (public IP's are not allowed in 'Network X') and static routes. New is that clients from 'Campus-Network' have to work with 'Servers' and their 10.x.y.z-adresses can't be routed in 'Campus-Network'. I configured a client to use the IP of the NIC in 'Astaro-Fw 1' attached to 'My Network' and told the Firewall to do DNAT to 10.21.1.x (and masq., of course) - it didn't worked.
I tried the same with a client in 'My Network' and the first rule 'any-any-any-allow' in 'Astaro-Fw 1' and got the same result - no connection to 'Servers'.
By the way: 'Servers' are SAP-Server, I know their tcp-ports and,
again, with only masquerading everything works, so I don't think
it's a SAP-problem although I get a SAPGUI-Error when using DNAT.
Who has an idea?? Thanks in advance to everybody who reads, thinks
about and answers to this!
Greetings
Carsten Behrens
This thread was automatically locked due to age.
