I have to set up a DMZ lab, but I am having issues with the basic network configuration. This is the main configuration:
FW1 - FLAME
Interfaces
eth0 - 192.168.1.3 255.255.255.0 gw 192.168.1.1 (it's a virtual environment, this interface is bridged)
eth1 - 192.168.136.1 255.255.255.0
Routing table
0.0.0.0 ----------- 192.168.1.1 ------- eth0
192.168.136.0 --- 0.0.0.0 ------------ eth1
FW2 - ARROW
Interfaces
eth0 - 192.168.136.200 255.255.255.0 gw 192.168.136.1
eth1 - 192.168.30.10 255.255.255.0
Routing table
0.0.0.0 ----------- 192.168.136.1 ------- eth0
192.168.30.0 ---- 0.0.0.0 ---------------- eth1
I have also set IPv4 forwarding to 1, and set the following iptables rule in FLAME:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
I have tried most of this configuration before and it worked, but I can't see what I am doing wrong here.
When I try to ping from ARROW to the Internet, I can't reach it, but I can ping the eth1 interface on FLAME (its gateway). Trying to do a traceroute results in a bunch of asterisks, which I interpret as a routing loop.
From FLAME I can reach the Internet normally.
This must be a misconfiguration on FLAME, but I can't figure it out. Any ideas?