  #1 (permalink)  
Old 10-Sep-2007, 02:36
chlee97

Hi all,

Need some help here ...

I have a broadband line with 2 external fixed IP addresses and I have installed SUSE 10.2 as my firewall. Let's say that my fixed external IPs are ..

2 external fixed IP addresses
100.100.100.101
100.100.100.102

Modem External IP address
100.100.100.100

So the IP I have set on the SUSE firewall, which is connected to the modem, is 100.100.100.101, and the virtual IP is 100.100.100.102.

OK .. the question here ... when I want to do port forwarding from 100.100.100.101 to internal IP 192.168.1.1, it is NO problem, but if I wish to do port forwarding from 100.100.100.102 (virtual IP) to internal IP 192.168.1.2, it is NOT working ...

For this case, what do I need to set in Masquerading in the firewall? Normally, for ONE external IP to ONE internal IP, we just need to set ...

Source: 0/0
Protocol: TCP
Requested IP: 0/0
Port: 80
Redirect IP: 192.168.1.1
Redirect Port: 80

So how about the settings for two external IPs to two internal IPs?

Thank you, hope to hear from you all soon ...

Regards,
Kenny
  #2 (permalink)  
Old 10-Sep-2007, 04:21
chlee97

Hi all,

I have found the solution, this issue is closed.

Thank you

Regards,
Kenny
  #3 (permalink)  
Old 10-Sep-2007, 04:32
geoffro

Quote:
Hi all,

I have found the solution, this issue is closed.

Thank you

Regards,
Kenny

Could you post the solution? Can be useful for others.

/Geoff
  #4 (permalink)  
Old 10-Sep-2007, 05:52
chlee97

Hi all,

OK ... the solution is quite simple ... set the settings below in the Masquerading tab of your firewall.

Source: 0/0
Protocol: TCP
Requested IP: 100.100.100.101
Port: 80
Redirect IP: 192.168.1.1
Redirect Port: 80

Source: 0/0
Protocol: TCP
Requested IP: 100.100.100.102
Port: 80
Redirect IP: 192.168.1.2
Redirect Port: 80

Hi all,

I hit another problem here ... actually I want to forward the SMTP port to 2 different mail servers, let's say mail server#1 and mail server#2. After I set the port forwarding in the firewall, my two mail servers are working fine, both can send & receive mail from outsiders. BUT ... a problem occurred here too. When mail server#1 wants to send mail to mail server#2, the mail will queue in the list. Mail server#2 hits the same problem when sending mail to mail server#1, they seem unable to find the host ...

What further settings do I need to configure in the firewall?

Thank you

Regards,
Kenny
  #5 (permalink)  
Old 11-Sep-2007, 01:46
chlee97

Hi all,

Can any Linux expert help?

Thank you

Regards,
Kenny
  #6 (permalink)  
Old 11-Sep-2007, 22:35
chlee97

Hi all,

Detail:
2 External IP address redirect to 2 internal IP address:
100.100.100.101 smtp port(redirect) --> 192.168.0.2 (internal IP)
100.100.100.102 smtp port(redirect) --> 192.168.0.3 (internal IP)


Modem IP:
100.100.100.100
(From Modem to Suse Firewall, then from firewall to switch)
[_MODEM_] ---> [_SUSE FIREWALL_] ---> [_switch_]


continue from above ...
(From switch to 2 email servers)
+--------------> [_Email Server#1_]
[_switch_]
+--------------> [_Email Server#2_]


Suse Firewall WAN IP: 100.100.100.101
Virtual WAN IP: 100.100.100.102
DNS: ISP's DNS

Port Forwarding (Masquerading)
Source: 0/0
Protocol: TCP
Requested IP: 100.100.100.101
Port: 25
Redirect IP: 192.168.0.2
Redirect Port: 25

Source: 0/0
Protocol: TCP
Requested IP: 100.100.100.102
Port: 25
Redirect IP: 192.168.0.3
Redirect Port: 25

Explanation:
Both email servers have their own email domains, and after I have done the port forwarding, both servers are ABLE to send and receive mail to/from outsiders.

Problem:
The email domain on Email server#1 is UNABLE to send/receive mail to/from the email domains on Email server#2, and also the email domain on Email server#2 is UNABLE to send/receive mail to/from the email domains on Email server#1.

What have I tried ...
I tried to do some work in iptables, but it is not working. Normally for port forwarding they use PREROUTING to send the port to the internal server, then from internal to internal they use POSTROUTING ... but that is also not working ...
I have asked some friends, they said that I need to do some work on DNS settings related to internal DNS and external DNS.

I think it is very clear for those Linux experts who have set up these settings before, right? I would also like to know what area I need to look into, so I can focus on that area ...

Thank you

Regards,
Kenny
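
An added example, not part of the original posts and not SuSEfirewall2's own configuration: the two SMTP forwards from the last post written as plain iptables NAT rules, with each DNAT rule matching the requested public IP and a MASQUERADE rule for the internal-to-internal case the poster describes. The `192.168.0.0/24` LAN range is an assumption, and the script only prints the rules for review; it does not apply them.

```shell
#!/bin/sh
# Added example: prints (never applies) iptables NAT rules for the two
# SMTP forwards listed in the post above.
LAN="192.168.0.0/24"   # assumption: the post only names .2 and .3

# Mappings taken from the post: public IP:port:internal IP:port
FORWARDS="100.100.100.101:25:192.168.0.2:25
100.100.100.102:25:192.168.0.3:25"

# Accept only a dotted quad whose four octets are each 0-255.
valid_ip() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Accept only a decimal port in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Emit two rules per mapping; stop with status 1 on a malformed entry
# so a typo never turns into a rule that matches more than intended.
gen_rules() {
    echo "$FORWARDS" | while IFS=: read -r ext port int iport; do
        valid_ip "$ext" && valid_ip "$int" && valid_port "$port" \
            && valid_port "$iport" \
            || { echo "bad entry: $ext:$port:$int:$iport" >&2; exit 1; }
        # Match the requested (destination) IP rather than 0/0, so each
        # public address reaches exactly one server. There is no -i
        # option, so connections arriving from the LAN match as well.
        echo "iptables -t nat -A PREROUTING -d $ext -p tcp --dport $port -j DNAT --to-destination $int:$iport"
        # Internal-to-internal: rewrite the source of LAN clients, or
        # the server answers them directly and the reply never passes
        # back through the firewall to be un-NATed.
        echo "iptables -t nat -A POSTROUTING -s $LAN -d $int -p tcp --dport $iport -j MASQUERADE"
    done
}

gen_rules
```

With the MASQUERADE rule in place, each mail server sees connections from the other as coming from the firewall's internal address, so any relay permission keyed on source IP should be checked against that address. The firewall's forwarding policy must also allow LAN-to-LAN traffic on port 25 for these rules to have any effect.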
 
