I have an IP range x.x.x.208/255.255.255.240 dsl router on 209 (no access) fw on x.x.x.210/ masq for internal network goes on 210 eth0 = loc eth1 = net eth2 = dmz
1) on Ext Int. I checked the proxy arp is on
any ideas how to configure the remaining 211-222 ? I configure them like eth1:X aliases is this correct ?
DNAT/SNAT rules forward various connection from 210-222 to the DMZ Packed rules also configured and enable accordingly.
nothing work on them (dead?!?).
2. DNS not resolving Int Loc DNS server configured in the FW like the DNS to query has also the Packed rule: Allow int. eth0 to Loc DNS srv Allow Loc DNS srv to query ISP DNS srv(s)
3. Mail relay works just inside out SMTP configured to accept for varius domain and forward to the mail srv in Loc Packet rules configured allow smtp to Eth1 Allow smtp from Eth0 to Loc Mail srv ?
SMTP proxy fixed ... no many f* rules... removed anything related to SMTP ... read it somewhere that SMTP proxy is managing him self [:O]
This is my current setup: Astaro 4.0.21 dsl router: 1.1.3.209 (no access)
Internal: eth0 192.168.1.1/255.255.255.0 External: eth1 1.1.3.210/255.255.255.0 Gateway: 1.1.3.209 On Eth1 I have an ip pool 1.1.1.3.208/28, hosts from 1.1.3.210-222 They are all configured like 'Additional address on Ethernet interface' Netmask 255.255.255.255 with Gateway: none DMZ: eth2 10.1.1.1/255.255.255.0
Is DMZ_Web_serv's gateway set to Astaro?
Turn on all ICMP (menu choice after packetfilter rules) temporarily and see what traceroute says is the slowest leg...
I have at the moment ShoreWall FW running on Debian. So I just migrated the rules, no changes to the rest of the network was nessesery, besides on Exchange for smtp delivery.
Strange thing is that even if I enable ping and traceroute, Astaro does not reply ! He can ping everything Internal Lan can ping and traceroute outside put not from the Net to the FW ...
The traceroute from the internet stops at the DSL router ... I even did something like this for testing: Allow Any-> { traceroute } -> Group_Of_All_External_Aliases nothing ...
Login to the console did the job .... deleting manualy the default routes and leaving just one ...
Its strange that nobody has a clue !!?! Astaro are you reading this ? For paying this amount of $$$$ with the manual just for the home user, 200+ pages of pics, sorry but is frustrating..
If this is a production environment, that should be made clear from the get go so I do not suggest things that might disrupt you (and you should work with an Astaro Support Partner in person). If it is not, you really are going to need a lot more patience working on this! Let's face it: these boards are a primitive communication medium. Since I can't 'see' what is going on, I have to start with some assumptions as to what is going on on your end, and sometimes those assumptions can be wrong (example: once I spent ten posts talking to somebody until we found out that they had plugged their Internet connection into both their clean AND dirty interfaces!). So we have to be patient and ask what is going on...
To resume: Is each of the external IP's gateway's set to the DSL router??
If it is, I wonder if your DSL router is not amused with your external addresses sharing the same MAC...
Can you ping the router from the console of the firewall? (all ICMP options on; assuming that the router is pingable; some are not by default...)
Can you or your ISP ping the firewall from the router?
