RE: [FW1] Splitting NAT to two Different Severes
Jeff,

You will need to place a static route entry from the valid address to one of the internal addresses. Then you will need to enable "ip forwarding" on that same server that you used in the static route so it can forward packets to the other internal server if need be.

You need to do this because routing occurs before translation. As the routing decision is made, the OS needs to know that the packet must be routed to the internal network... so you can place a route such as:

    route -p add 209.46.53.10 192.168.1.1

Then on the server 192.168.1.1 you need to enable "IP Forwarding" in the TCP/IP properties tab, so it can forward packets to 192.168.1.2. This will cause traffic to always be forwarded to 192.168.1.1 and routed to 192.168.1.2 only if the destination is set to be so...

Overall, I recommend against using such translation; because, as your services increase or the number of servers increase, your address translation rule base becomes more complex and you won't be able to forward packets to different servers on the same port. For example, services like "FTP" require separate data channels to be established to the same port... so these services will not be supported.

Also see this link for more info: http://www.phoneboy.com/fw1/faq/0022.html

Amin Tora
ePlus Technology
http://www.eplus.com
NASDAQ: PLUS

-----Original Message-----
From: Jeff Ensminger [mailto:[email protected]]
Sent: Thursday, January 18, 2001 10:35 AM
To: [email protected]
Subject: [FW1] Splitting NAT to two Different Severes

I am at a roadblock on how to solve this issue:

On an NT network I want to host the website for domain "onlydomain.com" on a web server (192.168.1.1), and host email for the same "onlydomain.com" on a separate email server (192.168.1.2). Both servers reside the same one fw-1 server. I only have one public IP (209.46.53.10) available to use for both NATs.
I have created net objects for both as such:

    webserver  valid=209.46.53.10, real=192.168.1.1
    mailserver valid=209.46.53.10, real=192.168.1.2

I have the proper .arp entry of "209.46.53.10 [mac address of fw-1 ext nic]". I have rules allowing for access (in and out) for both servers with the proper protocols (HTTP, and SMTP, Pop3, respectively).

The problem is that only the mail requests are properly routed. The web requests are routed to the mail server also, resulting in a page error for the client browser. Regardless of the rule-order of the two, the same result occurs. However, if I delete the net object of the mailserver, the web requests are fulfilled properly.

Is it not possible to use one public IP to address both email and web server for the same domain, through NAT? I have received a couple of good suggestions, but don't seem to solve the issue. I also have been all through Phoneboy's site (many times) to no avail. Does anyone know how to perform this feat?

Thanks to all for at least scratching your heads to see if anything comes up!

Jeff "Gus" Ensminger
Network Administrator
RGI Marketing Group, inc.
Orlando, FL ext.
104 http://www.rgimarketing.com

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
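
A small model of the conflict discussed in this thread, added here as an example; it is not part of either message and is not FireWall-1 code. It flags static NAT objects that share one valid address, and shows that a mapping keyed on destination port as well keeps the thread's three services unambiguous until two servers need the same port. The object layout, the function names and the port numbers (the standard 80, 25 and 110) are assumptions.

```python
from collections import defaultdict

# Constructed sample: the two net objects and the services named in the thread.
STATIC_NAT = [
    {"name": "webserver", "valid": "209.46.53.10", "real": "192.168.1.1",
     "services": {"http": 80}},
    {"name": "mailserver", "valid": "209.46.53.10", "real": "192.168.1.2",
     "services": {"smtp": 25, "pop3": 110}},
]

def address_conflicts(objects):
    """Valid addresses claimed by more than one address-only static NAT object."""
    by_valid = defaultdict(list)
    for obj in objects:
        by_valid[obj["valid"]].append(obj["name"])
    return {ip: names for ip, names in by_valid.items() if len(names) > 1}

def port_forward_table(objects):
    """Build a (valid IP, port) -> real IP table and list ports claimed twice."""
    table, clashes = {}, []
    for obj in objects:
        for port in obj["services"].values():
            key = (obj["valid"], port)
            if key in table and table[key] != obj["real"]:
                # Same public IP and port wanted by two different servers.
                clashes.append((key, table[key], obj["real"]))
            else:
                table[key] = obj["real"]
    return table, clashes

def translate(table, dst_ip, dst_port):
    """Internal address for an inbound packet, or None when nothing matches."""
    return table.get((dst_ip, dst_port))

if __name__ == "__main__":
    print("address-only conflicts:", address_conflicts(STATIC_NAT))
    table, clashes = port_forward_table(STATIC_NAT)
    print("port-keyed table:", table)
    print("port clashes:", clashes)
```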