DMZ Routing
Hello all networking gurus, I have a problem that I'd really like fixed.
I currently have a T1 coming into my location, a Cisco router with 1 WAN and 2 LAN ports. One side of the LAN is protected for all internal clients, the other is my DMZ with public internet IPs. The internal clients do access the DMZ machines and I'm having trouble routing this.
The DMZ machines are located on-site, just on a different LAN port to scrutinize privacy. I have added into these DMZ machines 2 Linux machines, one controls Email/DNS, the other secondary Email/HTTP. In the secondary machine I have two NICs, one connected to the switch for the DMZ, one to the switch for the local clients. I figured it makes more sense to route my local clients "around" my Cisco (as its ports are only 10mbit) by using this setup. Problem is, they won't route around it! An example would be as follows:
Machine A: 192.168.0.7 -- Client
Machine B: 66.64.33.88 -- DMZ Email/HTTP Machine NIC1
Machine B: 192.168.0.15 -- DMZ "client" NIC2
On Machine A (Win2k):
route add 66.64.33.0 mask 255.255.255.0 192.168.0.15
route add 192.168.0.0 mask 255.255.255.0 192.168.0.1
On Machine B (Linux):
route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.0.15
route add -net 66.64.33.0 netmask 255.255.255.0 gw 66.64.33.1
In reality this should effectively send traffic from machine A, bound for anything on or around Machine B through B.
My question (after this long discussion) is do I need to invoke iptables to get the machine to forward packets along, or does it automatically? I ask because using FTP to watch packet bandwidth, I see only around 500k transfers to machines on B's subnet from A, and vice versa is also true. Since both use 100mbit cards/switches they should be closer to 5000k.
Thanks for the help, let me know if any more details are needed.
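The core of the question is whether a Linux box forwards packets between its two NICs on its own. It does not: the kernel only forwards when net.ipv4.ip_forward is set to 1, and iptables is not required for forwarding at all, but once Machine B sits between the internal LAN and the DMZ it becomes a second path into the protected side, so a restrictive FORWARD chain is the part a practitioner would want. The script below is an added example, not part of the original post; it reads the forwarding flag, prints the sysctl line to enable it, and prints FORWARD rules that only let the internal clients initiate connections to the DMZ subnet. It uses the post's own subnets (192.168.0.0/24 and 66.64.33.0/24); the interface names eth0 (DMZ side) and eth1 (internal side) are assumptions.

```shell
#!/bin/sh
# Added example for Machine B (the dual-homed Linux host). Not from the original post.
# Subnets are the ones given in the post; interface names eth0/eth1 are assumed.

# Kernel flag that controls forwarding between interfaces. Parameterised so the
# check can be run against a sample file instead of the live /proc entry.
IP_FORWARD_FILE="${IP_FORWARD_FILE:-/proc/sys/net/ipv4/ip_forward}"

# forwarding_state [FILE] -> prints "enabled" or "disabled"
forwarding_state() {
    f="${1:-$IP_FORWARD_FILE}"
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
        echo enabled
    else
        echo disabled
    fi
}

# print_enable_commands -> the commands root would run on Machine B to turn
# forwarding on for the running kernel (persist it in /etc/sysctl.conf to survive reboots)
print_enable_commands() {
    cat <<'EOF'
sysctl -w net.ipv4.ip_forward=1
EOF
}

# print_forward_rules LAN_NET DMZ_NET LAN_IF DMZ_IF -> iptables FORWARD rules that
# let internal clients open connections to the DMZ subnet and let the replies come
# back, while dropping anything the DMZ side tries to initiate toward the LAN.
print_forward_rules() {
    lan_net="$1"; dmz_net="$2"; lan_if="$3"; dmz_if="$4"
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan_if -o $dmz_if -s $lan_net -d $dmz_net -j ACCEPT
iptables -A FORWARD -i $dmz_if -o $lan_if -s $dmz_net -d $lan_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Stand-alone run: report the current state, then show what to apply.
echo "ip_forward is currently: $(forwarding_state)"
print_enable_commands
print_forward_rules 192.168.0.0/24 66.64.33.0/24 eth1 eth0
```

Two things follow from the routing table in the post. The DMZ hosts other than B still send their replies to 192.168.0.0/24 via their default gateway (the Cisco) unless they are given a route back through 66.64.33.88, so the return path should be checked as well as the forward one. And because the test traffic is FTP, the data connections only match RELATED once the FTP connection-tracking helper (nf_conntrack_ftp, or ip_conntrack_ftp on older kernels) is loaded.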