On 11/2/05, Claudio Castro <ccastro at unr dot edu dot ar> wrote:
> I have a 1:1 NAT defined, a public ip for the firewall 2.0.0.2 and another
> 2.0.0.1 corresponds to an internal ip of my DMZ 10.1.1.2 (a mail server), the
> default gateway of the mail server is 10.1.1.1, but..the mail server doesn't
> "see" the internet. When I go to m0n0 admin I throw a ping through the DMZ
> interface to www.google.com and I get this:
>
> PING www.l.google.com (64.233.187.104) from 10.1.1.1: 56 data bytes
> 64 bytes from 64.233.187.104: icmp_seq=0 ttl=236 time=155.952 ms
>
> --- www.l.google.com ping statistics ---
> 1 packets transmitted, 1 packets received, 0% packet loss
>
> Instead of "from 10.1.1.1" why doesn't it come from 2.0.0.1? the NAT is not
> working?
>

because when you ping from an interface, the source is the IP of that
interface. That's not the proper way to test 1:1.

Once you can get out from the mail server, try going to
http://whatismyip.com and see what it says. It should show the public
side of that 1:1 setup.

My first guess is you didn't set up proxy ARP on that IP. My second is
you didn't put rules on the DMZ interface allowing traffic outbound.

> I have nothing set in Outbound NAT...should I?
>

no.

-Chris