Hi,
I'm trying to setup a new SDSL connection, bundled with xx.xx.28.96/29 public IP addresses, on my OPT4 interface.
So far:
* I have given xx.xx.28.98 to OPT4, the ISP's modem having xx.xx.28.97 (can ping the router)
* I have configured 2 1:1 NATs with automatic ProxyARP config (can ping the router from the NATed servers)
- OPT4 xx.xx.28.99/32 xx.xx.1.3/32 1:1 NAT for Public Server in DMZ (behind OPT3)
- OPT4 xx.xx.28.100/32 xx.xx.3.3/32 1:1 NAT for Asterisk Server in VOIP (behind OPT2)
* I have setup a static route to my VoIP gateway (working, can ping the gateway through the router)
- OPT4 xx.xx.78.35/32 xx.xx.28.97 Route to VoIP Gateway at the ISP
The hard times began when I began trying to reach my VoIP & public servers from the outside:
* SSHed to a host somewhere on the net
* ping xx.xx.28.97 (ISPs modem) works
* ping xx.xx.28.100 no answer... oups no rules to allow ICMP
* Create rule:
ICMP * * xx.xx.28.100 * DEBUG: Ping any to 1:1ed Asterisk server
* ping xx.xx.28.100 no answer...
* check logs:
blocked OPT4 xx.xx.xx.xx xx.xx.3.3, type echo/0 ICMP...
Translation may happen before filtering...
* Modify rule:
ICMP * * xx.xx.3.3 * DEBUG: Ping any to 1:1ed Asterisk server
* ping xx.xx.28.100 no answer...
* check logs:
blocked OPT4 xx.xx.xx.xx xx.xx.3.3, type echo/0 ICMP...
So ATM, with my understanding, NAT is working, but I can't see what I should do make my 1:1 NATed servers be reachable from the outside...
Any help would be GREATLY appreciated
Bests
Jé
Topic: 1:1 (onetoone) NAT and filtering