On 11/2/05, Claudio Castro <ccastro at unr dot edu dot ar> wrote:
> I have a 1:1 NAT defined, a public ip for the firewall 220.127.116.11 and another
> 18.104.22.168 correspond to an internal ip of my DMZ 10.1.1.2(a mail server), the
> default gateway of the mail server is 10.1.1.1, but..the mail server doesnt
> "see" the internet. When I go to m0n0 admin I trought a ping trought the DMZ
> interface to www.google.com and I get this:
> PING www.l.google.com (22.214.171.124) from 10.1.1.1: 56 data bytes
> 64 bytes from 126.96.36.199: icmp_seq=0 ttl=236 time=155.952 ms
> --- www.l.google.com ping statistics ---
> 1 packets transmitted, 1 packets received, 0% packet loss
> Instead of "from 10.1.1.1" why I doesnt come from 188.8.131.52? the NAT is not
because when you ping from an interface, the source is the IP of that
interface. That's not the proper way to test 1:1. Once you can get
out from the mail server, try going to http://whatismyip.com and see
what it says. It should show the public side of that 1:1 setup.
My first guess is you didn't setup proxy ARP on that IP. My second is
you didn't put rules on the DMZ interface allowing traffic outbound.
> I have nothing set in Outbound NAT...should I?