This might be needlessly complex, but here goes.

I've got two Firebox x550e devices. The first has a local IP of 10.0.0.1, public IP 64.x.x.x. The second has a local IP of 10.0.0.10, public IP 70.x.x.x.

There is an FTP server on our LAN with a private IP of 10.0.0.55. I've set up NAT rules in each of the Fireboxes: on the first firebox it is 64.x.x.x -> 10.0.0.55 tcp 21, on the second 70.x.x.x -> 10.0.0.55 tcp 21.

The first rule works fine. I can FTP to 64.x.x.x and everything's good. The second rule doesn't work. FTP to 70.x.x.x results in a connection timeout. The second firebox's logs say the connection is being allowed through.

The default gateway on the FTP server is 10.0.0.1 (the first firebox). If I change the default gateway on the server to 10.0.0.10, the rule on the second firebox starts working, but the rule from the first firebox stops.

Is there some way to make this work for both rules?

James

1 Answer

Unfortunately this is not very easy. I have accomplished something like this with policy-based routing on the Linux server behind the NAT, combined with assigning multiple IP addresses to the server. NAT1 would forward to one address, and NAT2 would forward to another address. I set up routes so that each address returned packets via the appropriate gateway.

I am not sure if this is possible on a Windows host.

Zoredache
  • This worked if I added a second IP address from another subnet to the server. Good enough for me. Thanks Zoredache! – James Mar 18 '10 at 04:18
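The policy-based routing Zoredache describes, written out as an added example (not code from either poster). It assumes a Linux server with the page's addresses (10.0.0.55 via 10.0.0.1, and a constructed second address 10.0.0.56 via 10.0.0.10, both on eth0 in 10.0.0.0/24); the routing table numbers 101 and 102 are arbitrary choices. Each source address gets its own routing table whose default route points at the firebox that NATs to it, so replies leave through the same gateway the request came in on.

```shell
#!/bin/sh
# Policy-based routing for a server reachable through two NAT gateways.
# Constructed values: adjust IFACE, LAN, ADDR*, GW* for the real network.
IFACE="${IFACE:-eth0}"
LAN="10.0.0.0/24"
ADDR1="10.0.0.55"; GW1="10.0.0.1";  TABLE1=101   # reached via firebox 1
ADDR2="10.0.0.56"; GW2="10.0.0.10"; TABLE2=102   # reached via firebox 2

# Emit the ip(8) commands that implement the setup, one per line.
# Each per-address table needs its own LAN route as well as a default
# route: once an "ip rule" selects a table, the main table is not consulted.
pbr_commands() {
  cat <<EOF
ip addr add ${ADDR2}/24 dev ${IFACE}
ip route add ${LAN} dev ${IFACE} src ${ADDR1} table ${TABLE1}
ip route add default via ${GW1} dev ${IFACE} table ${TABLE1}
ip route add ${LAN} dev ${IFACE} src ${ADDR2} table ${TABLE2}
ip route add default via ${GW2} dev ${IFACE} table ${TABLE2}
ip rule add from ${ADDR1} lookup ${TABLE1} priority 100
ip rule add from ${ADDR2} lookup ${TABLE2} priority 101
ip route flush cache
EOF
}

# Count the policy rules the plan installs (used to sanity-check the plan).
pbr_rule_count() {
  pbr_commands | grep -c '^ip rule add'
}

# "apply" runs the commands as root and shows the resulting rules/tables;
# with no argument the script only prints the plan for review.
if [ "${1:-}" = "apply" ]; then
  pbr_commands | sh -e
  ip rule show
  ip route show table "${TABLE1}"
  ip route show table "${TABLE2}"
else
  pbr_commands
fi
```

Packets sourced from 10.0.0.55 now always exit via 10.0.0.1 and packets sourced from 10.0.0.56 via 10.0.0.10, regardless of the server's default gateway in the main table.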