Gday all....
Got a few q's on how to properly implement & correct a routing problem
I have.
Consider the following physical network:
LAN --- (Switch) --- Linux --- (Switch) --- ADSL2+ Modem
                       +------ PIX -------+
Linux Int - 172.30.1.254, Ext- 172.30.250.254
PIX Int - 172.30.1.251, Ext- 172.30.250.251
ADSL - 172.30.250.250
ADSL External has static IP - 1.2.3.4
The LAN has the Linux box as its default gateway. This linux box is
NAT'ing this into the External Network, and the ADSL2 modem is NAT'ing
the external to the Internet.
The External interface of the PIX is defined as the 'DMZ' host in the
ADSL modem, so it receives all requests hitting the external interface.
This PIX then forwards on the requests to the appropriate LAN server
(mail + web etc). This PIX is also a PPTP/IPSEC Vpn server to allow
internet users to log into the LAN.
Now...why do it like this? I want the IPSec/Firewall features of the
PIX, but the PIX is a 10 user 501, which only has 10mbit interfaces,
and my ADSL2 connection is 24mbit, and I have around 30 machines on the
LAN.
Now, the problem. All the LAN users have no hassles accessing the
internet correctly. External services though...this is the issue. When
a user, for example, connects to port 25 for a SMTP session, hits the
1.2.3.4 address, the pix forwards it on to the correct server. When the
TCP stack on that server replies with its SYN/ACK though, it gets sent
back via the Linux machine, being the default route. This confuses the
ADSL modem, which treats it as a new packet, re-NATs it, and sends it
back to the user. The user's machine then replies with a RST because it
doesn't understand what the hell is going on. Hence the connection
fails. What to do?
I am puzzled. Any help would be fantastic - cheers!!
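A check for the asymmetric return path described above, added here as an example and not part of the original post: it scans tcpdump-style lines taken on the Linux box's LAN-side interface and flags any SYN/ACK leaving through that box for which the matching SYN never arrived there. The capture, the interface choice and the addresses 203.0.113.5, 198.51.100.7, 172.30.1.10 and 172.30.1.20 are constructed for the example.

```python
import re
from typing import Dict, Optional, Tuple

# Matches the "tcpdump -n" line shape: "<ts> IP src.port > dst.port: Flags [..]".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture, as if taken on the Linux box's LAN interface
# (172.30.1.254), i.e. before its own NAT is applied. The first three lines are
# a normal LAN-initiated web connection (symmetric); the last two are a mail
# server's SYN/ACK replies to a client whose SYN came in through the PIX.
SAMPLE_CAPTURE = """\
10:00:00.000100 IP 172.30.1.20.50000 > 198.51.100.7.80: Flags [S], seq 100, win 64240, length 0
10:00:00.020000 IP 198.51.100.7.80 > 172.30.1.20.50000: Flags [S.], seq 200, ack 101, win 65535, length 0
10:00:00.020100 IP 172.30.1.20.50000 > 198.51.100.7.80: Flags [.], ack 201, win 64240, length 0
10:00:01.000000 IP 172.30.1.10.25 > 203.0.113.5.40000: Flags [S.], seq 300, ack 1, win 29200, length 0
10:00:01.000200 IP 172.30.1.10.25 > 203.0.113.5.40000: Flags [S.], seq 300, ack 1, win 29200, length 0
"""

Flow = Tuple[str, int, str, int]  # (src, sport, dst, dport)


def parse_line(line: str) -> Optional[Tuple[str, int, str, int, str]]:
    """Return (src, sport, dst, dport, flags) for a tcpdump line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]


def find_asymmetric_synacks(capture: str) -> Dict[Flow, int]:
    """Map each SYN/ACK flow whose SYN was never seen on this interface to the
    number of such SYN/ACKs observed. Repeats mean the client never ACKed,
    which is what a RST (or a drop) on the far side looks like from here."""
    syns_seen = set()
    flagged: Dict[Flow, int] = {}
    for line in capture.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        src, sport, dst, dport, flags = pkt
        if flags == "S":                      # pure SYN: request path
            syns_seen.add((src, sport, dst, dport))
        elif flags == "S.":                   # SYN/ACK: reply path
            if (dst, dport, src, sport) not in syns_seen:
                key = (src, sport, dst, dport)
                flagged[key] = flagged.get(key, 0) + 1
    return flagged


if __name__ == "__main__":
    for (src, sport, dst, dport), n in find_asymmetric_synacks(SAMPLE_CAPTURE).items():
        print(f"asymmetric: {src}:{sport} -> {dst}:{dport} ({n} SYN/ACKs, no SYN seen)")
```

Feeding it real output from `tcpdump -n -i <lan-if> tcp` on the Linux box would show exactly the PIX-forwarded connections whose replies are leaking out via the default route.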