Routing across multiple NICs

  • #362540 stevek (Participant)

    OK, I have 3 NICs in my gateway Mac running 10.4.2, on 2 subnets:
    en0 10.73.0.1/24
    en4 10.73.30.1/24

    the external NIC is en2 connected to the router

    I set up NAT to work off of en2 when I only had en2 and en0 in the system, and that is working fine; I am able to route through en2 from en0.

    I needed to set up a DMZ for some web servers, so I added a new NIC, en4. en4 and en2 are the same kind of NIC, so I know it should work, but I am unable to route traffic through en2 from en4.

    I took a look at the NAT config via serveradmin:

    oden-# serveradmin fullstatus nat 
    nat:activeTCP = 297 
    nat:state = "RUNNING" 
    nat:activeUDP = 78 
    nat:logPaths:natLog = "/var/log/alias.log" 
    nat:readWriteSettingsVersion = 1 
    nat:setStateVersion = 1 
    nat:startedTime = "2005-07-27 11:20:32 -0400" 
    nat:devices:_array_index:0:device = "en4" 
    nat:devices:_array_index:0:name = "en4 DMZ 30.1" 
    nat:devices:_array_index:1:device = "en2" 
    nat:devices:_array_index:1:name = "en2 130" 
    nat:devices:_array_index:2:device = "en0" 
    nat:devices:_array_index:2:name = "en0 10.73.0.1" 
    nat:activeICMP = 2 
    

    It looks like NAT is using en4 as a device.
    I also took the 10.73.0.0/24 subnet firewall settings and copied them to the 10.73.30.0/24 subnet.
    I also took a look at the firewall logs, and it is passing traffic:

    tail -f /var/log/ipfw.log | grep 10.73.30 
    Jul 27 11:13:23 oden ipfw: 12309 Accept P:2 10.73.30.1 224.0.0.2 out via en4 
    Jul 27 11:13:23 oden ipfw: 12309 Accept P:2 10.73.30.1 224.0.0.251 out via en4 
    Jul 27 11:13:24 oden ipfw: 12309 Accept P:2 10.73.30.1 224.0.0.251 out via en4 
    Jul 27 11:14:05 oden ipfw: 12330 Accept UDP 10.73.30.2:50069 224.0.0.251:5353 in via en4 
    Jul 27 11:14:05 oden ipfw: 12330 Accept UDP 10.73.30.2:50070 224.0.0.251:5353 in via en4 
    

    So it is passing traffic to the 10.73.30 subnet.

    And I am able to duplicate the en0 interface, use the 10.73.30.0/24 subnet, and move the web servers to the same VLAN as the 10.73.0.0/24 subnet, and it works... but I would like to keep the DMZ on a separate VLAN from my internal traffic.

    What am I missing? Please help.
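The ipfw log excerpt in the post only shows multicast traffic on en4 (IGMP and mDNS), which says nothing about whether DMZ traffic is actually being forwarded and NATed out en2. The script below is an added example, not code from the original post or from Apple's tools: it parses ipfw log lines in the exact format shown above and checks two things a practitioner would want to know from a log like this. First, which inside hosts have accepted traffic entering on en0 or en4 toward a non-local destination with no matching flow leaving "out via en2" (the symptom described for the DMZ). Second, which accepted flows go from the DMZ subnet into the internal 10.73.0.0/24 subnet, since copying the internal firewall rule set onto the DMZ subnet, as the post does, would let the DMZ initiate connections to internal hosts and defeat the purpose of a separate DMZ. The interface roles and subnets are taken from the post; the external address 203.0.113.130 and every non-multicast log line in the sample are constructed for the example, as the post does not show them.

```python
"""Parse Mac OS X Server ipfw log lines and check whether traffic entering the
gateway on an inside interface is actually forwarded out the external one,
and whether the DMZ can reach the internal subnet.

Added example; not from the original post. Interface roles and subnets follow
the post (en0 = 10.73.0.0/24 internal, en4 = 10.73.30.0/24 DMZ, en2 = external).
The external address 203.0.113.130 and the non-multicast sample lines are
constructed for this example.
"""
import ipaddress
import re
from collections import defaultdict

# Matches lines such as:
#   Jul 27 11:14:05 oden ipfw: 12330 Accept UDP 10.73.30.2:50069 224.0.0.251:5353 in via en4
# Protocols without ports (e.g. IGMP) are logged as "P:2" with bare addresses.
IPFW_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) ipfw: (?P<rule>\d+) "
    r"(?P<action>\w+) (?P<proto>\S+) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)

INSIDE = {  # inside interface -> subnet, as described in the post
    "en0": ipaddress.ip_network("10.73.0.0/24"),
    "en4": ipaddress.ip_network("10.73.30.0/24"),
}
EXTERNAL = "en2"
DMZ, INTERNAL = "en4", "en0"

# Constructed sample log. The first two lines are in the post's format; the
# rest are made up to show a working en0 flow, a stuck en4 flow, and a
# DMZ-to-internal flow that the copied rule set would accept.
SAMPLE_LOG = """\
Jul 27 11:13:23 oden ipfw: 12309 Accept P:2 10.73.30.1 224.0.0.2 out via en4
Jul 27 11:14:05 oden ipfw: 12330 Accept UDP 10.73.30.2:50069 224.0.0.251:5353 in via en4
Jul 27 11:14:10 oden ipfw: 12330 Accept TCP 10.73.0.5:49152 198.51.100.10:80 in via en0
Jul 27 11:14:10 oden ipfw: 12330 Accept TCP 203.0.113.130:49152 198.51.100.10:80 out via en2
Jul 27 11:14:12 oden ipfw: 12330 Accept TCP 10.73.30.2:49153 198.51.100.20:443 in via en4
Jul 27 11:14:15 oden ipfw: 12330 Accept TCP 10.73.30.2:49154 10.73.0.5:445 in via en4
"""


def split_addr(token):
    """'10.73.30.2:50069' -> ('10.73.30.2', 50069); a bare address -> (addr, None)."""
    host, sep, port = token.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return token, None


def parse_line(line):
    """Return a dict for one ipfw log line, or None if it is not in ipfw format."""
    m = IPFW_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["src"], e["sport"] = split_addr(e["src"])
    e["dst"], e["dport"] = split_addr(e["dst"])
    e["rule"] = int(e["rule"])
    return e


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def is_forwardable(dst):
    """True for destinations that should be NATed out en2: not multicast,
    not link-local, and not in any local subnet."""
    ip = ipaddress.ip_address(dst)
    if ip.is_multicast or ip.is_link_local:
        return False
    return not any(ip in net for net in INSIDE.values())


def unforwarded_hosts(entries):
    """Inside hosts whose accepted outbound traffic enters on an inside interface
    but never shows up 'out via en2' for the same proto/destination/port.
    natd rewrites the source address, so flows are matched on destination only."""
    seen_out = {(e["proto"], e["dst"], e["dport"])
                for e in entries if e["dir"] == "out" and e["iface"] == EXTERNAL}
    missing = defaultdict(set)
    for e in entries:
        if e["action"] != "Accept" or e["dir"] != "in" or e["iface"] not in INSIDE:
            continue
        if not is_forwardable(e["dst"]):
            continue
        if (e["proto"], e["dst"], e["dport"]) not in seen_out:
            missing[e["iface"]].add(e["src"])
    return {iface: sorted(hosts) for iface, hosts in missing.items()}


def dmz_to_internal(entries):
    """Accepted flows entering on the DMZ interface whose destination is in the
    internal subnet: each one is a hole a separate DMZ is meant to close."""
    return [(e["src"], e["dst"], e["dport"]) for e in entries
            if e["action"] == "Accept" and e["iface"] == DMZ and e["dir"] == "in"
            and ipaddress.ip_address(e["dst"]) in INSIDE[INTERNAL]]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("inside hosts with no matching flow out via en2:", unforwarded_hosts(entries))
    print("DMZ -> internal flows accepted:", dmz_to_internal(entries))
```

Run it against a real capture with `tail -f /var/log/ipfw.log` piped into `parse_log` instead of `SAMPLE_LOG`; a DMZ host that appears under en4 in the first result while en0 hosts do not is the forwarding problem the post describes, isolated from the multicast noise, and any non-empty second result means the DMZ rule set needs tightening rather than copying from the internal subnet.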
