I have 3 NICs for Local, Internet, and DMZ. The printout is:
[admin@gateway] interface> print
Flags: X - disabled, D - dynamic, R - running
NAME TYPE RX-RATE TX-RATE MTU
0 R Internet ether 0 0 1500
1 R Local ether 0 0 1500
2 R DMZ ether 0 0 1500
In the address list I have already entered several IP addresses; the printout is:
[admin@gateway] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
ADDRESS NETWORK BROADCAST INTERFACE
0 202.xxx.21.184/27 202.xxx.21.160 202.xxx.21.191 Internet
1 202.xxx.21.171/27 202.xxx.21.160 202.xxx.21.191 Internet
2 202.xxx.21.168/27 202.xxx.21.160 202.xxx.21.191 Internet
3 192.168.0.184/24 192.168.0.0 192.168.0.255 Local
4 192.168.10.17/24 192.168.10.0 192.168.10.255 DMZ
And I entered the dst-nat rules for proper inbound NAT; the printout is:
[admin@gateway] ip firewall dst-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 dst-address=202.xxx.21.171/32 action=nat to-dst-address=192.168.10.33
1 dst-address=202.xxx.21.168/32 action=nat to-dst-address=192.168.10.168
Dst NAT rule no. 0, used for outbound connections from the Internet to Server A's network
Dst NAT rule no. 1, used for outbound connections from the Internet to Server B's network
For the src-nat rules for proper outbound NAT, the printout is:
[admin@gateway] ip firewall src-nat> print
Flags: X - disabled, I - invalid, D - dynamic
0 src-address=192.168.10.33/32 action=nat to-src-address=202.xxx.21.171
1 src-address=192.168.10.168/32 action=nat to-src-address=202.xxx.21.168
2 src-address=192.168.0.0/24 action=nat to-src-address=202.xxx.21.184
Src NAT rule no. 0, used for outbound connections from Server A's network to the Internet
Src NAT rule no. 1, used for outbound connections from Server B's network to the Internet
Src NAT rule no. 2, used for outbound connections from the local network to the Internet
For the forward chain I entered the following rules; part of the printout is:
Flags: X - disabled, I - invalid
0 add src-address=202.xxx.21.160/27:0-65535 in-interface=all
dst-address=0.0.0.0/0:0-65535 out-interface=all protocol=all
icmp-options=any:any tcp-options=any connection-state=any flow=""
connection="" content="" src-mac-address=00:00:00:00:00:00 limit-count=0
limit-burst=0 limit-time=0s action=accept log=no comment="" disabled=no
1 ...
The outbound connections to the Internet work well for the Local network (192.168.0.0/24),
Server A (192.168.10.33) and Server B (192.168.10.168).
And the connections from the Internet to Server A and Server B work well.
Case I:
But the problem begins when I try to connect to Server B using Server B's hostname (mybox.B.com),
which resolves to the public IP address (202.xxx.21.168), through Server A. The connection always fails. I tried to ping 202.xxx.21.168, and I always get a reply from Server B.
Case II:
The same problem occurs when I try to connect to Server A (mybox.A.com) from Server B.
My solution for Case I:
I tried to bypass the hostname resolution from the DNS server by using the DNS cache, so when I want to connect
to Server B (mybox.B.com) it resolves to the DMZ address (192.168.10.33) instead of the public one. And the same for the problem in Case II.
Can anyone help me solve my problem:
How can I connect to Server B's public address (202.xxx.21.168) through Server A,
because I have no domain name for the public IP address?
Thanks in advance
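An added illustration, not part of the original post and not RouterOS code: a small Python model of one request/reply round trip for Case I under the post's 1:1 dst-nat and src-nat rules, which shows the general NAT hairpin (NAT loopback) problem rather than the exact evaluation order of this RouterOS version. It assumes that the source NAT is applied only to traffic leaving towards the Internet and that a DMZ host answers another address on its own subnet directly, without going back through the router; the public addresses are TEST-NET placeholders standing in for the 202.xxx.21.x addresses, the Internet client address is constructed, and the `hairpin` flag models an extra rule, not present in the post, that rewrites the source of DMZ-to-DMZ hairpinned traffic to the router's own DMZ address so the reply returns through the router.

```python
"""Simplified packet-flow model of the NAT hairpin (NAT loopback) problem.

Constructed example; it is not RouterOS code and does not reproduce the
router's real rule evaluation.  Public addresses are TEST-NET placeholders
standing in for the 202.xxx.21.x addresses in the post.
"""
import ipaddress
from dataclasses import dataclass

ROUTER_DMZ_IP = "192.168.10.17"          # router's DMZ address from the post
SERVER_A = "192.168.10.33"
SERVER_B = "192.168.10.168"
PUB_A = "203.0.113.171"                  # placeholder for 202.xxx.21.171
PUB_B = "203.0.113.168"                  # placeholder for 202.xxx.21.168
INTERNET_CLIENT = "198.51.100.7"         # constructed Internet-side client
DMZ_NET = ipaddress.ip_network("192.168.10.0/24")

# The post's 1:1 rules: dst-nat (public -> DMZ) and src-nat (DMZ -> public).
DST_NAT = {PUB_A: SERVER_A, PUB_B: SERVER_B}
SRC_NAT = {SERVER_A: PUB_A, SERVER_B: PUB_B}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def in_dmz(ip: str) -> bool:
    return ipaddress.ip_address(ip) in DMZ_NET


class Router:
    """Applies dst-nat, then src-nat, and un-translates replies it sees.

    Model assumption: the post's src-nat rules take effect only for traffic
    leaving towards the Internet.  With hairpin=True an extra (hypothetical)
    rule rewrites the source of DMZ->DMZ hairpinned traffic to the router's
    own DMZ address, so the server's reply must come back via the router.
    """

    def __init__(self, hairpin: bool) -> None:
        self.hairpin = hairpin
        # expected reply (src, dst) -> original request (src, dst)
        self.conntrack: dict[tuple[str, str], tuple[str, str]] = {}

    def forward(self, pkt: Packet) -> Packet:
        if (pkt.src, pkt.dst) in self.conntrack:
            orig_src, orig_dst = self.conntrack[(pkt.src, pkt.dst)]
            return Packet(src=orig_dst, dst=orig_src)   # reply, un-translated
        dst = DST_NAT.get(pkt.dst, pkt.dst)            # inbound 1:1 dst-nat
        if in_dmz(pkt.src) and in_dmz(dst):
            src = ROUTER_DMZ_IP if self.hairpin else pkt.src
        else:
            src = SRC_NAT.get(pkt.src, pkt.src)         # outbound 1:1 src-nat
        out = Packet(src, dst)
        self.conntrack[(out.dst, out.src)] = (pkt.src, pkt.dst)
        return out


def exchange_works(router: Router, client: str, server_public: str) -> bool:
    """One request/reply round trip.  True if the client gets the reply from
    the address it connected to; otherwise a TCP stack discards the reply."""
    request = Packet(client, server_public)
    as_seen_by_server = router.forward(request)   # default route -> router
    reply = Packet(as_seen_by_server.dst, as_seen_by_server.src)
    # A DMZ host replies to another DMZ address directly on the same subnet,
    # bypassing the router; anything else goes back via its default gateway.
    if in_dmz(reply.dst) and reply.dst != ROUTER_DMZ_IP:
        as_seen_by_client = reply
    else:
        as_seen_by_client = router.forward(reply)
    return as_seen_by_client.src == server_public


def hairpin_case(hairpin: bool, client: str = SERVER_A,
                 server_public: str = PUB_B) -> bool:
    """Case I from the post (Server A -> Server B's public address); pass
    client=SERVER_B, server_public=PUB_A for Case II."""
    return exchange_works(Router(hairpin), client, server_public)


def internet_case(hairpin: bool) -> bool:
    """A client on the Internet reaching Server B's public address."""
    return exchange_works(Router(hairpin), INTERNET_CLIENT, PUB_B)


if __name__ == "__main__":
    print("Case I without hairpin rule:", hairpin_case(False))   # False
    print("Case I with hairpin rule:   ", hairpin_case(True))    # True
    print("Internet client, either way:", internet_case(False), internet_case(True))
```

The model reproduces what the post observes: Internet clients reach both servers and the servers reach the Internet, but a DMZ host connecting to the other DMZ host's public address gets its reply from the private address instead, because the reply never passes the router that would un-translate it. Forcing the hairpinned traffic's source to the router's DMZ address is what makes the reply come back through the NAT state.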