Help setting up NAT and DHCP

[Anonymous]

I am running DHCP, Firewall, AFP, DNS, VPN, Mail, FTP, WWW, QTSS. I have (2) dual network interface cards installed. The built in interface is my LAN connection. The other four interfaces are external static IP’s for Mail, WWW, FTP, QTSS… I am having trouble using NAT. If I set the first external interface as my network connection to share, LAN clients can get out on the internet but incoming outside requests cannot reach domains assigned to the second or third external interfaces. If I set the last external interface as my network connection to share, incoming outside requests reach all domains on all interfaces but LAN clients cannot get out on the internet.

In System Preferences/Network/Network Status/Show: Network Port Configurations, The interfaces are in this order:
PCI Ethernet Slot 3 port 1, en1, is external ip xx.xx.xx.1
PCI Ethernet Slot 3 port 2, en2, is external ip xx.xx.xx.2
PCI Ethernet Slot 2 port 1, en3, is external ip xx.xx.xx.3
PCI Ethernet Slot 2 port 2, en4, is external ip xx.xx.xx.4
My built in interface, en0, Built-in Ethernet, 192.168.1.1
I have Built-In Firewire turned off. And Internal Modem turned off.

I believe this is the correct way to order the interfaces.
xx.xx.xx.1 is the default interface. VPN access happens here. Which is working just fine.

In SA under DHCP/Settings I have only my internal interface listed here: 192.168.1.1 en0, this is the subnet that I want DHCP to provide services to. All other subnets have been removed.

Now, in SA under NAT settings, I have selected my first external interface xx.xx.xx.1 as my Network Connection to Share. DHCP works fine. It is giving all of my internal Clients a good lease, correct IP range, correct subnet, correct router, and correct DNS servers. All clients have internet access correctly as it should be.

This is where I am having trouble:
What is not happening is that if I go to another network (neighbors house, work) and try to access any of my websites hosted on the second or third external interface (xx.xx.xx.2 or xx.xx.xx.3), they will not load, they time out. Web sites hosted on the first interface xx.xx.xx.1, load fine.

What I want to know is why I cannot access sites on other interfaces.
Am I missing something in natd.conf.apple that will let natd know that there are other interfaces behind xx.xx.xx.1?
Does this sound like a firewall problem?
Does this sound like a DNS issue?

Any other ideas?

Thanks for the time,
RGNelson

[Anonymous]

Why do you need so much cards.

In my opinion this is how it should be set.

Your internet connection goes into your built-in port. It is en0. It has the IP adress your IPS gave you or if you connect via ppoe a floating one.

Your card should share via en0, and have an IP range of 192.168.0.2 to whavever ( ex 192.168.255,255 about 65000 users) the number of users on your network.

But remember that an adress behind a NAT is not visible from outside your private network. To do that you need a fixed IP to serve pages to the outside world. This is why a router or NAT is more secure than just a machine plugged on the internet.

Hope this help.

[Author]

Posts