I’m having trouble wrapping my head around this one. We have an Opensuse 11 machine that acts as a firewall/gateway/router (one of two, but fortunately, the second one doesn’t enter in to this). There are three NICs, Eth0-2, as follows:
-- Eth0 - 10.1.x.x/16 | Internet - Eth1 - Opensuse 11.0 -| | -- Eth2 - 192.168.0.x/24
“Internet” is the External interface (obviously). Both of the subnets on Eth0 and Eth2 are called “Internal” in Yast. (This may be part of my problem.)
We have some control room and talk studio machines on the class C “192” subnet. The class B “10” subnet is all office machines, including an HP4200 printer. We need to be able to print from one of the control room machines, at 192.168.0.53, to the HP printer at 10.1.1.1.
I’ve tried doing a masquerade on ports 631 and 9100 in Yast, using this logic:
Source IP: 192.168.0.1 Source Port: 9100 Protocol: TCP Dest IP: 10.1.1.1 Dest Port: 9100
(Edited - I had the wrong source in there.)
It doesn’t seem to work. I can ping the printer on the Opensuse machine, so I know I can “see” it. I can even run Nmap on the Opensuse machine and it agrees that ports 631 and 9100 are open and are talking. (And besides, everyone else on the 10.1.x.x subnet can print just fine, so I know the printer is happy.)
The goal, obviously, is to have the computer at 192.168.0.53 use the IP address 192.168.0.1 as the target for printing.
I thought I might need to also unblock ports 9100/631, but both internal interfaces are set up as “all ports unblocked.” You’d think that the NAT between the “192” and “10” subnets would work just fine.
What am I missing?