
Re: multiple nat + public addresses



2006/5/26, Pascal Hambourg <pascal.mail@plouf.fr.eu.org>:
> Hello,
>
> Wojciech Ziniewicz wrote:
> > Hello, I have a strange configuration (below):
> >
> > LAN_IP1\
> > LAN_IP2- =====(lan1)NAT1(lan2)=====(lan2)NAT2(pub)==== Internet
> > LAN_IP3/
>
> Nothing strange so far.
>
> > -LAN_IP1, LAN_IP2 are workstations
> > -LAN_IP3 - has a public IP address (going thru 2 DNATs: NAT1 and NAT2)
>
> Oh, you were right. A public address behind some NAT, THIS is strange.
>
> > -I have iptables on NAT2 and NAT1 is a Cisco router (very very old).
> > LAN_IP3 has the public address assigned with iptables DNAT going thru
> > those two NATs (being rewritten two times)...
> >
> > What to do to allow LAN_IP1 and LAN_IP2 to connect to the public IP address
> > of the LAN_IP3 host? Now they are only seeing the public address assigned
> > to the NAT2 eth0 interface..
>
> Add a direct route to the address on the workstations to let them know
> that it is reachable on the same LAN?

Sure - it would be easy - but not for so many workstations (I know,
there are only 3 on the graph).

I've asked about that on the Polish debian-user group and we've
managed to find 2 good ways to resolve this problem.

1. Cisco DNS doctoring:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094aee.shtml

or

2. Setting up views on the local DNS server so hosts inside the LAN
see those public servers with their DNATed private IP, but from the
internet they see something like 217.x.x.x

So the problem is solved (my Cisco was too old to configure DNS
doctoring, but DNS views work fine).


Regards
Wojciech Ziniewicz
--
Best regards,
Wojciech Ziniewicz            | wojciech.ziniewicz@gmail.com
Powered by google.com      | [wanna gmail?]
http://silenceproject.org       | :E
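
The DNS views approach from option 2, sketched as a BIND 9 named.conf fragment. This is an added example, not part of the original post: the poster did not say which DNS server was used, so BIND, the zone name example.org, the file paths, the LAN range 192.168.1.0/24 and the addresses 192.168.1.30 / 203.0.113.10 are all assumptions chosen for illustration.

```conf
// Assumed LAN range; adjust to the networks behind NAT1/NAT2.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

// Views are tried in order and the first match-clients hit wins,
// so the internal view must come before the catch-all external one.
view "internal" {
    match-clients { "lan"; };
    recursion yes;
    allow-recursion { "lan"; };   // recursion only for inside hosts

    zone "example.org" {
        type master;
        file "/etc/bind/db.example.org.internal";
        // Zone file answers with the DNATed private address, e.g.
        //   www  IN  A  192.168.1.30
    };
};

view "external" {
    match-clients { any; };
    recursion no;                 // never an open resolver for the internet
    allow-transfer { none; };     // do not hand out the zone wholesale

    zone "example.org" {
        type master;
        file "/etc/bind/db.example.org.external";
        // Zone file answers with the public address, e.g.
        //   www  IN  A  203.0.113.10
    };
};

// Once any view is defined, every zone must live inside a view;
// a zone statement left at top level makes named refuse the config.
```

Checking the file with `named-checkconf` before reloading, then querying the server once from a LAN host and once from outside, confirms that each side gets its own answer and that the private address is not served to external clients.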


