Hi Alex,

Alexander Bochmann wrote:
> Hi,
>
> ...on Fri, Mar 03, 2006 at 01:08:43PM +0100, oliver simon wrote:
>
> > hme1 -> 10.50.0.10
> > hme0 -> 217.5.23.69
> > hme0_alias -> 217.5.23.70
> > default-gw is 10.50.0.1
> > If you want to connect to e.g. 193.44.25.2, the machine has to go there
> > with one of its official IPs 217...
>
> Are you sure that's a sane setup? Why do you
> want to reach the outside world through an interface
> on a private segment when you have official addresses
> on another interface? And why is there no address
> translation elsewhere between your private segment
> and wherever it connects to the Internet?

It's a server in a DMZ, so we have one "host"-ip (the private one), but the machine needs to be connected from the internet (apache) and put some requests through other .. "private-ip-ed" Servers/Firewalls to other apaches. Machine's default gw is a private-ip-ed firewall, but otherwise we need to connect other servers in the internet. For being routed back to the machine from the target, the request to the "outer world" has to be done by an official ip.

> > How can we solve that problem ? I read a lot about pf and other things,
> > but nothing I tried is working ...
>
> You can NAT the traffic going out through hme1, but you
> will have a nice split routing situation, as the traffic
> flowing back to you will probably come in through hme0.
> Not that that's a problem, it just doesn't make any sense.

Those are my questions .. How can we solve that ? Currently, we are using linux (which shall be replaced by openbsd), and there is no problem to do that source-routing:

/sbin/ip route add 194.78.111.123/32 via 10.50.0.1 src 217.5.130.99

...olli

> Alex.

