LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 10-21-2004, 11:53 AM   #1
Funky D
LQ Newbie
 
Registered: Oct 2004
Posts: 7

Rep: Reputation: 0
Static NAT / DMZ / VPN question


Hi all,

This is probably a pretty basic question, but after struggling for the past few days I think it's time to break down and ask for some help!

We have a Mandrake MNF server with 3 nics protecting our network, with a Sendmail server in the DMZ. Recently, I've been trying to set up the MNF system as a VPN server, but I don't believe our current configurations support it. A breakdown of the firewall system:

eth0 - 172.20.0.100 (LAN)
eth1 - 123.45.6.789 (WAN)
eth2 - 172.20.1.100 (DMZ)

There is one Sendmail server in the DMZ, 172.20.1.3. There is a static NAT connecting that server to the WAN. I believe this is what is causing the problem for the VPN (FreeSwan)... It sees eth1 and eth2 sharing the WAN IP, and will not start because of that.

My biggest confusion is the purpose of static NAT and whether it is necessary. From what I understand, the static NAT tricks external machines into thinking the sendmail server is connected directly to the net via the WAN's IP address.

Is it possible to remove the static NAT and only use port forwarding? Do we need a second external IP address dedicated to the VPN? I'd like to know if this can even work with our current setup and the basic steps I need to take before venturing any further. I'm not new to linux, but I'm definitely not proficient... most of these systems work because of help from howto's and lots of trial and error!

Thanks in advance for any advice!
 
Old 10-22-2004, 07:17 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Static NAT and port forwarding are different names for the same thing...

It also matters how the NAT is being done, whether it's interface based or ip & port based.. As long as the WAN interface ip number matches the SNAT ip number, that's ok.

The VPN is in the correct position, looking outward and should be issuing ip numbers to match the network the clients want to connect to..

FreesWan has a logging system to record failures, successes etc and the online documentation can help with error codes/messages.. http://www.freeswan.org/freeswan_tre...6/doc/toc.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Accessing VPN from DMZ twsnnva Linux - Networking 0 01-03-2005 09:38 AM
shorewall with 2 external static ips and DMZ gjmwalsh Linux - Networking 0 05-10-2004 09:31 PM
gateway(NAT),firewall,server,DMZ andjules Linux - Networking 1 11-22-2002 05:55 PM
gateway(NAT),firewall,server,DMZ andjules Linux - Newbie 2 11-22-2002 08:11 AM
NAT and DMZ hosts help ghost-ils Linux - Networking 0 09-07-2001 02:08 AM


All times are GMT -5. The time now is 04:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration