I am currently using nat to join two subnets for internal access to
services and am wondering if there is a more elegant solution.
net1 is our local lan and net2 is our servers. To avoid having to
cross two firewalls I am using a linux box with nat + firewall + dns +
routing on the local machines to give access to the servers. This is
very awkward, is there a better solution? I still want to limit
traffic between the subnets to only those services that are made
public on the net2 subnet.
- ipfw problems using divert and fwd at the same time with 6.3-release
... It appears that the forward "wins" over the NAT regardless of ordering in the ipwf ruleset. ... Some background - I'm testing in the lab a potential setup to provide limited network access to a few subnets in 10.X address space, but if you aren't going to an "approved" address then you get forwarded to a web page running on port 8000 on the same box. ...
- Re: site-2-site VPN
... I was thinking of a VPN connection, but it does not allow one to connect two identical subnets e.g. 10.11.12.0/24 with 10.11.12.0/24. ... Is there a way to connect two offices via VPN and reduce or eliminate the possibility of subnet overlap? ... If you have the same subnet remote and local, it's hard to find a simple logic for any router to decide where a packet should go to, so you must NAT both subnets to different subnets outside, with all possible side effects on protocols that don't like NAT. ...
- Re: PIX advise needed
... >You must assure that your traffic is part of your nat access-list ... I have two different VPN pool address subnets. ...
- Re: How can I send w/out authentication?
... Remember that if those addresses go through a NAT, then the Exchange Server ... On our one & only Exchange server, the Relay Restrictions ... > But I still need to authenticate, even from one of those local subnets. ...
- Re: Firewall question
... minus the one IPA used to do NAT on for the rest of the network, ... I also only have 1 spare NIC left on my firewall, so if I make let's say 4 /26 subnets of 62 IP addreses each I won't be able to assign 2 of these subnets because I don't have enough NICs:( ...