realfoh
asked on
Disable NAT in IPCop?
I have a bunch of users on the inside interface with official IP's.
Now they are represented by the outside interface IP, which tells me the firewalls using NAT instead of routing the traffic.
How can I disable the NAT in IPCop - any ideas?
Now they are represented by the outside interface IP, which tells me the firewalls using NAT instead of routing the traffic.
How can I disable the NAT in IPCop - any ideas?
iptables -F nat
remove the chain nat from your ipcop
remove the chain nat from your ipcop
ASKER
Permanently? Or will it reappear upon reboot?
you can add this in the /etc/rc.local and this maintein on any reboot.
ASKER
Will this actually remove the NAT'ing and make it route the traffic instead?
no. you need to make the routes after remove the NAT.
route add xxxxxxx to xxxxxxx
route add xxxxxxx to xxxxxxx
ASKER
My inside interface is using 217.x.x.x adresses on /26 network.
Inside interface IP: 217.x.x.129.
Outside using 84.x.x.x adress on /30 network.
What command will make this work? And how do I make it a permanent change?
Inside interface IP: 217.x.x.129.
Outside using 84.x.x.x adress on /30 network.
What command will make this work? And how do I make it a permanent change?
nothing you need add the default gateway to the card
route add -net default gw "yourdefaultgateway" dev eth0
and read this for make permanent and check what files you need to change
http://www.siliconvalleyccie.com/linux-hn/network-linux.htm
route add -net default gw "yourdefaultgateway" dev eth0
and read this for make permanent and check what files you need to change
http://www.siliconvalleyccie.com/linux-hn/network-linux.htm
ASKER
The outside IF is assigned ip 84.x.x.x with subnet .252
Inside IF assigned ip 217.x.x.129, subnet .192
DMZ IF assigned 217.x.x.225, subnet .224
All computers on both DMZ and inside are seen by the GW-ip, 84.x.x.x.
I want to make all computers to be seen with their official IP, and the traffic to be routed, not nat'ed.
What do I have to do to make this work?
Need a solution that is 100%, as I have active computers on the inside IF and in DMZ.
Inside IF assigned ip 217.x.x.129, subnet .192
DMZ IF assigned 217.x.x.225, subnet .224
All computers on both DMZ and inside are seen by the GW-ip, 84.x.x.x.
I want to make all computers to be seen with their official IP, and the traffic to be routed, not nat'ed.
What do I have to do to make this work?
Need a solution that is 100%, as I have active computers on the inside IF and in DMZ.
ASKER
Just to make sure I'm making myself clear:
Inside computers use .129 as their gw, DMZ computers use .225 as gw.
All computers are seen by the 84.x.x.x address from the outside (which is the outside IF address).
Inside computers use .129 as their gw, DMZ computers use .225 as gw.
All computers are seen by the 84.x.x.x address from the outside (which is the outside IF address).
question: you remove nat and masq sentences from gateway? if that is correct you dont have problems to go outside with the real IP.....
if not all computer use NAT yo go outside. please check in your gateway if you remove all nat and masq
if not all computer use NAT yo go outside. please check in your gateway if you remove all nat and masq
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
lol good change
PAQ probably? It is a good discussion which made clear that IPCop cannot really do this. ?
ASKER
Don't know which answer to accept here...hehe...
None :) The mods will refund you the points - just the qeustion will eb saved in the database instead of deleted
iptables -L -t nat
if you have rules you have NAT