[Firehol-support] Masquerading happening on simple router?
Costa Tsaousis costa at tsaousis.gr
Sat Oct 15 11:47:24 CEST 2005

Carlos Rodrigues wrote:
> Hi!
>
> I have the following definitions in my firehol.conf:
>
>
> router world-to-dmz \
>         inface ${world_iface} outface ${dmz_iface}
>         protection strong
>
>         route all accept
>
>
> router dmz-to-world \
>         inface ${dmz_iface} outface ${world_iface}
>         protection strong
>
>         route all accept
>
>
> As can be seen, there is no masquerading configured between "world" 
> and "dmz". However, machines in the DMZ (which have public addresses) 
> see all connections from the internet as coming from the firewall. 
> Outside machines with incoming connections from machines in the DMZ 
> also show the same thing.
>
> I have both interfaces "world" and "dmz" with the same IP address, 
> configured with proxy-arp, but that shouldn't be the cause of this, 
> AFAIK.
>
> Has anyone got any idea what's happening here?
>
So you are suggesting that there is no 'snat' or 'masquerade' in your 
firewall config and still traffic gets SNATed to your firewall IP?
If yes, do you have a transparent proxy in your firewall?
Please, make a test: add
log 'some text'
to the route command in world-to-dmz above and examine the log. Is SRC= 
valid?
Costa
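
An added example, not part of the original message: one way to examine the log after the suggested test, by listing SRC= and DST= for every entry that carries the chosen log text and marking entries whose source is the firewall's own address. The sample log lines, the addresses (RFC 5737 documentation ranges), the interface names and the function names are constructed for illustration; the fields follow the kernel's netfilter LOG output.

```bash
#!/bin/bash
# Assumed address of the firewall itself (constructed value).
FW_IP="192.0.2.1"

# Constructed sample kernel log lines, standing in for the real syslog/dmesg.
sample_log() {
cat <<'EOF'
Oct 15 12:00:01 fw kernel: some text: IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 15 12:00:02 fw kernel: some text: IN=eth0 OUT=eth1 SRC=192.0.2.1 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4243 DF PROTO=TCP SPT=40113 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 15 12:00:03 fw kernel: other rule: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4244 DF PROTO=TCP SPT=51000 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# classify_src FW_IP PREFIX
# Reads log lines on stdin and prints one line per entry containing PREFIX:
#   FIREWALL_SRC SRC=<addr> DST=<addr>   source equals the firewall address
#   REMOTE_SRC   SRC=<addr> DST=<addr>   source is some other address
# No output at all means no packet matched the logged rule.
classify_src() {
    awk -v fw="$1" -v prefix="$2" '
    index($0, prefix) {
        src = ""; dst = ""
        for (i = 1; i <= NF; i++) {
            # Keep the first SRC=/DST= pair; ICMP errors repeat them in brackets.
            if (src == "" && $i ~ /^SRC=/) src = substr($i, 5)
            if (dst == "" && $i ~ /^DST=/) dst = substr($i, 5)
        }
        if (src == "") next
        verdict = (src == fw) ? "FIREWALL_SRC" : "REMOTE_SRC"
        print verdict, "SRC=" src, "DST=" dst
    }'
}

# Run against the constructed sample; on a real system pipe in the kernel log.
sample_log | classify_src "$FW_IP" "some text"
```

REMOTE_SRC entries mean the packet still carried its original source address when the logged rule matched it.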