-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Joe wrote: > On Thu, 14 Mar 2019 09:26:06 +0100 > john doe <johndoe65...@mail.com> wrote: >> [...] >> By the answers in this thread, I guess I need to explane what I have >> and what I'm trying to do. >> >> [...] >> >> For now both server (a and b) are responsible for MASQUERADING the >> networks behind them. >> So server a MASQUERADEs 172.17.232.0/24 and server b MASQUERADEs >> 192.168.3.0/24. >> >> MASQUERADE is only needed on server a. >> >> Does it help understanding what I'm trying to do? >> >> I really appriciate any help/hint. > > If workstation c connects to a public Internet server, how does the > reply get back to workstation c through servers a and b? > > It has a private address, which nothing on the Net ever sees, so how can > a reply packet ever reach it? > [...] > > So yes, you do need masquerade on both servers. For server a, to > replace the incoming public destination address with that of server b, > and server b to replace *that* destination address with that of the > appropriate workstation.
This is incorrect. He can add a routing entry to server A -- something along the lines of: 192.168.3.0/24 via 172.17.232.x The ".x" will have to be whatever IP address serverB has on the 172 network. Once serverA knows how to get to "network_BC" (i.e. 192.168.3.0/24), serverB will no longer need to perform any NAT. ServerA will still handle masquerade for all traffic exiting eth0 to the internet, and the internet will be none the wiser. -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAlyKMb4ACgkQjhHd8xJ5 ooGGDQgAm+if7k3nGVaz2axefl7gGSqXuDut0A/3NnPJGQD18SaF7BV6pm21OypM fPjxGvu044RQo1YmEPUWpgyz7uj7IRMaLpr5EkbceMsTPOyLTMBcSSjuPURJpTko UdH7VwUo+gkzqV3uhTqgzYaUngfq80qTt2NHJQrUIzvNrWg3tjO4ccFJn6U3h40K Mnb4+u4AM9G9857O7RuXHqkkXeQ2nMqKY+2BpL0+10qsP6TdrlQFj/M2VOoxtNgI /tokgvps1DC7XTu1JbDtY0u+7WugTTAaer2ZKSMuNpDtE/2+qADjFuP/XQuRjTQ+ vQj9SmzNN4+HC23unSzNU7LMNsB7+g== =bcsD -----END PGP SIGNATURE----- -- |_|O|_| |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
