[Firehol-support] Masquerading happening on simple router?
Costa Tsaousis
costa at tsaousis.gr
Sat Oct 15 10:47:24 BST 2005
Carlos Rodrigues wrote:
> Hi!
>
> I have the following definitions in my firehol.conf:
>
>
> router world-to-dmz \
>     inface ${world_iface} outface ${dmz_iface}
>     protection strong
>
>     route all accept
>
>
> router dmz-to-world \
>     inface ${dmz_iface} outface ${world_iface}
>     protection strong
>
>     route all accept
>
>
> As can be seen, there is no masquerading configured between "world"
> and "dmz". However, machines in the DMZ (which have public addresses)
> see all connections from the internet as coming from the firewall.
> Outside machines with incoming connections from machines in the DMZ
> also show the same thing.
>
> I have both interfaces "world" and "dmz" with the same IP address,
> configured with proxy-arp, but that shouldn't be the cause of this,
> AFAIK.
>
> Has anyone got any idea what's happening here?
>
So you are suggesting that there is no 'snat' or 'masquerade' in your
firewall config and still traffic gets SNATed to your firewall IP?
If yes, do you have a transparent proxy in your firewall?

Please, make a test: add

    log 'some text'

to the route command in world-to-dmz above and examine the log. Is SRC=
valid?
Costa
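
To read the result of the test suggested above from a saved kernel log, this added example (not part of the original message) tallies the SRC= values on lines carrying the log text and marks the firewall's own address. The sample lines, the documentation-range addresses, the firewall address 203.0.113.1 and the function names are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample kernel log lines (not taken from the thread).
# Assumed layout: client 198.51.100.7, DMZ host 203.0.113.10,
# firewall address 203.0.113.1, log text "some text".
sample_log() {
cat <<'EOF'
Oct 15 10:50:01 fw kernel: some text:IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40112 DPT=80
Oct 15 10:50:02 fw kernel: some text:IN=eth0 OUT=eth1 SRC=203.0.113.1 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40113 DPT=80
Oct 15 10:50:03 fw kernel: other rule:IN=eth1 OUT=eth0 SRC=203.0.113.10 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=80 DPT=40112
Oct 15 10:50:04 fw kernel: some text:IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=40114 DPT=80
EOF
}

# src_summary LOGTEXT FW_IP
# Reads log lines on stdin, keeps only those containing LOGTEXT, and prints
# one line per distinct source: "<count> <address> <firewall|other>".
src_summary() {
  awk -v text="$1" -v fw="$2" '
    index($0, text) == 0 { next }          # not logged by our rule
    {
      for (i = 1; i <= NF; i++)
        if (substr($i, 1, 4) == "SRC=") {  # netfilter LOG field
          count[substr($i, 5)]++
          break
        }
    }
    END {
      for (src in count)
        printf "%d %s %s\n", count[src], src, (src == fw ? "firewall" : "other")
    }
  ' | sort -k2
}

# Example: sample_log | src_summary "some text" 203.0.113.1
```

Any line tagged `firewall` means the rule saw a packet whose source was already the firewall's own address when it was logged.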