
two NAT inside outside reaching each other

dstnat map

2 replies to this topic

#1 Antero Vasconcelos

Antero Vasconcelos
  • Members
  • 5 posts

Posted 13 September 2019 - 07:04 PM

I have two machines on the inside network, SRVA 10.10.10.10 and SRVB 10.10.10.11, that need to be known on the internet as v.w.x.197 and v.w.x.203 (same public network).

Also, the communication between them should always be made on the public IP address.

I configured MAP rules, dst rules, connection, etc., and the connection always times out when trying to reach SRVB's public address from SRVA's private address and vice versa.

 

Any ideas?

 

thx in adv

 



#2 John K. Mes

John K. Mes
  • Members
  • 29 posts

Posted 14 September 2019 - 10:03 AM

Howdy, Antero!

 

I could be wrong, but I don't think it's possible to - or at the very least, feasible to - make the machines communicate via different, NATted IPs if they are on the same subnet. Generally, devices will only hit the firewall if there is no local route to the host. (OK, anything is possible in the *nix world, but Windows would definitely be more difficult.)

 

That's probably why your firewall isn't much help on any traffic between them.

 

The easiest way to do that is to create a new private network so that you can have the firewall route between the hosts.

 

Net A: 10.10.10.x/24 : SrvA @ 10.10.10.10 --> FW-NAT to x.y.z.197

Net B: 10.10.11.x/24 : SrvB @ 10.10.11.11 --> FW-NAT to x.y.z.203

 

That way your firewall rules can govern traffic between the servers and inbound from other hosts.

 

You would need to change your local routing so the firewall doesn't try to route directly between Net A & Net B, too.

 

Just an idea, hope it helps.

Regards,

~John
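Added example, not part of the original thread or of any poster's configuration: a small Python model of the on-link versus routed decision described in the reply above, tracing one request and its reply when SRVA dials SRVB's public address. It assumes the firewall only rewrites the destination (dstnat) and can undo that rewrite only for replies that pass back through it; `203.0.113.203` is a constructed stand-in for the elided x.y.z.203, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the elided public address x.y.z.203 (assumption).
SRVB_PUBLIC = "203.0.113.203"

def next_hop(src_if, dst_ip):
    """'direct' if dst is inside the sender's own subnet, else 'firewall'."""
    iface = ipaddress.ip_interface(src_if)
    on_link = ipaddress.ip_address(dst_ip) in iface.network
    return "direct" if on_link else "firewall"

def trace(client_if, server_if, server_public):
    """Follow one request/reply pair when the client dials server_public.

    Assumption: the firewall applies dstnat only (source address untouched),
    so the server sees the client's private address as the peer.
    """
    client_ip = str(ipaddress.ip_interface(client_if).ip)
    server_ip = str(ipaddress.ip_interface(server_if).ip)

    # Request: the public address is off-link, so it goes to the firewall,
    # which rewrites the destination to the server's private address.
    request_via = next_hop(client_if, server_public)

    # Reply: the server answers the client's private address. If that address
    # is on the server's own subnet, the reply never touches the firewall.
    reply_via = next_hop(server_if, client_ip)

    # Only a reply that crosses the firewall gets its source restored to the
    # public address the client originally dialled.
    reply_src_seen = server_public if reply_via == "firewall" else server_ip

    return {
        "request_via": request_via,
        "reply_via": reply_via,
        "reply_src_seen": reply_src_seen,
        # The client only accepts a reply from the address it connected to.
        "works": request_via == "firewall" and reply_src_seen == server_public,
    }

if __name__ == "__main__":
    # Original layout: both servers in 10.10.10.0/24.
    print("same subnet :", trace("10.10.10.10/24", "10.10.10.11/24", SRVB_PUBLIC))
    # Layout proposed above: SrvB moved to 10.10.11.0/24.
    print("split subnet:", trace("10.10.10.10/24", "10.10.11.11/24", SRVB_PUBLIC))
```

In the same-subnet case the reply arrives from 10.10.10.11 rather than from the address SRVA connected to, which matches the timeout reported in the first post; in the split layout both directions cross the firewall.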



#3 Mark Shanley

Mark Shanley
  • Members
  • 15 posts

Posted 11 November 2019 - 05:40 AM

If you want to use the name to connect to each other that is fine. But it will not "work" through the firewall. You can do a redirect rule for the host object or the simple way is to put the private IP address in their respective host files on the local machine.