Hi, I've been trying to get it work for 2 days now.. And since I'm not a pro in linux well I've give up so I'm asking you guys some tips.

Here's my setup.

MODEM -> router (ISP one don't have access)

from the router it split into 2 connection one to my GW (linux debian) and another to a switch which is connected to a web/email server and the gateway.

My gw use x.x.x.27 and x.x.x.26 (everything I use on these ips is ok)

on the web/email server I have x.x.x.28 29 and 30

With this setup it's ok but I want to eliminate the link to the switch and make it pass thru the GW and i can't manage to get it work!

I know I probably have to do some routing but I have no idea ...

Thank in advance for help!

Can you provide some more details:
ifconfig and routes from both GW and Web/Email servers

I'm not sure why you want to 'eliminate the switch', other than I'm assuming you want to force all traffic through your GW.

Yeah because the web server is going to be a Virtual Machin which pass thru the GW and I can't manage to give access to Ip 28,29,30 thru it... I don't want any forwarding I just want theses ip to go thru it and manage port and security on the server.

GATEWAY:

eth0 Link encap:Ethernet HWaddr 00:06:5B:1A:11:0A
inet addr:x.x.x.26 Bcast:x.x.x.31 Mask:255.255.255.248
inet6 addr: fe80::206:5bff:fe1a:110a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:25424101 errors:0 dropped:0 overruns:93914 frame:93914
TX packets:15833782 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:349397043 (333.2 MiB) TX bytes:3062736118 (2.8 GiB)

eth0:1 Link encap:Ethernet HWaddr 00:06:5B:1A:11:0A
inet addr:x.x.x.27 Bcast:x.x.x.31 Mask:255.255.255.248
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

eth1 Link encap:Ethernet HWaddr 00:06:5B:1A:11:0B
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::206:5bff:fe1a:110b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15811695 errors:0 dropped:0 overruns:0 frame:0
TX packets:22972257 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3089945336 (2.8 GiB) TX bytes:4175279240 (3.8 GiB)

eth1:1 Link encap:Ethernet HWaddr 00:06:5B:1A:11:0B
inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:421 errors:0 dropped:0 overruns:0 frame:0
TX packets:421 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:54841 (53.5 KiB) TX bytes:54841 (53.5 KiB)

---------------------------------------------------------------------------------------------

Destination Gateway Genmask Flags Metric Ref Use Iface
x.x.x.24 0.0.0.0 255.255.255.248 U 0 0 0 eth0
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 x.x.x.25 0.0.0.0 UG 0 0 0 eth0


----------------------------------------------------------------------------------------------

WEB/EMAIL:

It's a windows 2003 with 2 nic.

NIC1 x.x.x.28 nm: 255.255.255.248
x.x.x.29 nm: 255.255.255.248
x.x.x.30 nm: 255.255.255.248

GW x.x.x.26

DNS : localhost and Videotron

NIC2 192.168.1.95 255.255.255.0 dns 192.168.1.1 (gw i know don t why tho...)

The main problem too is that I'm currently doing my stage in this compagny and the network has been setup by 4 different people so I'm totally lost in there :S

PS: x.x.x.25 => Modem
x.x.x.24 => Network adress


EDIT 1 : I've managed to get it work locally by adding this :

route add x.x.x.28 dev eth1
route add x.x.x.29 dev eth1
route add x.x.x.30 dev eth1

But I still can't access it from outside.

I'm assuming your x.x.x.24-30 are public IP's.
Physical LAN is on the 192.168.1/24 subnet
Virtual LAN in on the 192.168.3/24 subnet

You're adding public routes which means you're routing out everything publicly.

I know you say you don't want forwarding, but that sounds exactly like what you need with a NAT'd FW for the public IP's of the Windows 2003 server.

If you absolutely don't want forwarding, you're going to have to bypass the GW server and add a default route to x.x.x.24 on the Windows 2003 server and then you can access it via the world using the physical public IPs. You'd have to maintain a FW on that machine.

So i'll have to do:

iptables -A PREROUTING -t nat -d x.x.x.28 -tcp -j DNAT --to-destination x.x.x.28

is that what you mean? So even if it's public ip I have to forward them thru my nat?

BTW: My Virtual Lan (VM machin) is on the same LAN 192.168.1.x the 192.168.3.x is not used it's an old config.

EDIT 1: still dont have access to it from outside with this done...
EDIT 2: I've tried everything i could to get access to theses 3 IP thru my Linux Gateway and I'm out of ideas..