Hi,
I have a PPPoA Half-Bridge set up on eth2 which dials out to my DSL provider and gets a single PPP address (/32). However, I have a /29 I can use (the WAN IP address is the last IP address before the broadcast address.)
I read that I have to add additional addresses to my interface to get DNAT to be able to work properly to these addresses.
Here's an example (IP ranges changed to RFC1918 to protect):
Network given to me: 10.0.0.0/29
WAN IP address: 10.0.0.6
Broadcast address: 10.0.0.7
I want to use 10.0.0.1 through 10.0.0.5. For sake of the example, I want 10.0.0.5 to forward to port 22 (SSH) to an internal server.
I tried to add 10.0.0.5 as an additional interface to eth2, but it won't let me. Adding a DNAT rule with the following:
Traffic source: any
Traffic service: SSH
Traffic destination: 10.0.0.5
NAT Mode: DNAT (Destination)
Destination: 192.168.0.5 (internal address)
Destination Service:
Automatic Packet filter rule:
That rule does absolutely nothing. I look in the packet filter live log and see logged DROP packets with source IP (the IP I'm trying to ssh in from), and destination 10.0.0.5.
The Astaro doesn't recognize that 10.0.0.5 is a valid address for INPUT, so I think it didn't adds a proper packet rule.
I'm running v7 of the firewall. Any help would be greatly appreciated. Again, the external interface, eth2, is a PPPoA half-bridge (using PPTP to talk to the modem and making a half-bridge.)
Thanks,
Tom
This thread was automatically locked due to age.
