* gabriel rivera wrote on Fri, Jun 15, 2001 at 04:42 -0500:
The dmz interface has a private IP, but is connected to a switch with my web and mail servers on it, complete with public IP's.
You set up an alias address on this interface, I assume?
I suspect that my routing configuration is incorrect. Despite what I thought was a basic understanding of subnetting and static routing in general, I cannot achieve the proper config!!! Anyone see my errors??
10.0.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 eth0
1.2.3.4.0       0.0.0.0         255.255.255.248 U     0      0        0 eth0
^^^^^^^^^ :-)
route.conf from webserver:
default 10.0.0.1
10.0.0.1 0.0.0.0 255.255.255.255 eth0
If the webserver (apache) is bound to a specific IP (and of course not the internal :)) it should work. PING from outside, too, I assume. But I think you cannot PING the "internet" from your webserver, can you? That's because PING uses 10.0.0.1 (the alias) as source IP since it's the nearest interface.

You can circumvent this by configuring the firewall to do masquerading for 10.0.0.1 to !10.0.0.0/8. I cannot tell you if susefirewall can be configured in such a way. Maybe you need some additional rules via ipchains. Try that first, without filtering, since it's hard to debug a complex ruleset :)

I hope I understood you right and could point you in the right direction...

oki,

Steffen

--
This message was generated by machine and therefore bears neither signature nor seal.