Old 22nd May 2009
giagni giagni is offline
Real Name: Luca
freebsd n00b
 
Join Date: Sep 2008
Posts: 5

Thanks

I have already tried your hint... and it works well.
Traffic from 192.168.4/24 is routed by gate1 (10.0.1.1). It works fine, but I would try to find a different solution, where traffic from the two subnets is completely separate. It's just for a security doubt (I guess double NAT = double security... or perhaps it is only my figment?).
I think it is not a config problem, but a networking concept that I lack.


I would try to find a solution where traffic from 192.168.4/24 is translated,
and clients from that subnet should have access to the web and to my internal webserver too.


Assuming that clients have no route for the 192.168.4/24 net, I try to access the webserver through the public IP.
(the webserver has a public IP NATted (88.99.100.5) to make it accessible from the web)
I can ping but not browse... I don't know where my mistake is... but I'm starting to think that I can't do it.
I post some tcpdump output,
from 192.168.4.29 to 88.99.100.5:80:

tcpdump from gate2 (192.168.4.1) bce1:
15:55:56.724706 IP 192.168.4.29.1196 > 88.99.100.5.80: S 4234213476:4234213476(0) win 16384 <mss 1460,nop,nop,sackOK>
15:55:56.725162 IP 88.99.100.5.80 > 192.168.4.29.1196: R 0:0(0) ack 4234213477 win 0

translated to gate2 (10.0.1.20) bce0:
16:05:08.531149 IP 10.0.1.20.1731 > 88.99.100.5.80: S 3351163259:3351163259(0) win 16384 <mss 1460,nop,nop,sackOK>
16:05:08.531381 IP 88.99.100.5.80 > 10.0.1.20.1731: R 0:0(0) ack 3351163260 win 0

goes to gate1 (10.0.1.1) em0:
16:10:07.703668 10.0.1.20.1964 > 88.99.100.5.80: S 338450095:338450095(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
16:10:07.703676 88.99.100.5.80 > 10.0.1.20.1964: R 0:0(0) ack 1 win 0 (DF)

and here its route stops... I suppose...

sorry for the messy explanation...
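Reading the three captures together is what tells the story, so here is an added example (my own code, not the poster's or FreeBSD's) that parses the tcpdump lines quoted above, pairs each SYN with its reply, and reports what the client looked like at every capture point. The capture-point labels and the Python are mine; the packets are exactly the ones in the post. What it shows: the source address is rewritten 192.168.4.29 -> 10.0.1.20 as expected for the double NAT, but at every hop the answer is an RST from 88.99.100.5 that acknowledges the SYN. That is an active refusal by whatever holds that address on this path, not a silent drop by a filter, which is why ping works while a TCP connect does not. One thing worth checking on gate1 is whether the redirect to the internal webserver is applied only to packets arriving on the external interface; a request for the public address that arrives on an inside interface would then not be redirected, and the gateway would answer for 88.99.100.5 itself.

```python
import re

# Constructed from the tcpdump lines quoted in the post above: one short
# capture per NAT hop, in the order the SYN travels (inside -> outside).
# The capture-point labels are mine.
CAPTURES = {
    "gate2 bce1 (192.168.4.1)": (
        "15:55:56.724706 IP 192.168.4.29.1196 > 88.99.100.5.80: S 4234213476:4234213476(0) win 16384 <mss 1460,nop,nop,sackOK>\n"
        "15:55:56.725162 IP 88.99.100.5.80 > 192.168.4.29.1196: R 0:0(0) ack 4234213477 win 0\n"
    ),
    "gate2 bce0 (10.0.1.20)": (
        "16:05:08.531149 IP 10.0.1.20.1731 > 88.99.100.5.80: S 3351163259:3351163259(0) win 16384 <mss 1460,nop,nop,sackOK>\n"
        "16:05:08.531381 IP 88.99.100.5.80 > 10.0.1.20.1731: R 0:0(0) ack 3351163260 win 0\n"
    ),
    "gate1 em0 (10.0.1.1)": (
        "16:10:07.703668 10.0.1.20.1964 > 88.99.100.5.80: S 338450095:338450095(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)\n"
        "16:10:07.703676 88.99.100.5.80 > 10.0.1.20.1964: R 0:0(0) ack 1 win 0 (DF)\n"
    ),
}

# Classic tcpdump TCP summary line. The "IP " prefix and the "seq:end(len)"
# part are optional because the post mixes both output styles.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?:IP\s+)?"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<flags>[SRPFWE.]+)"
    r"(?: (?P<seq>\d+):(?P<seqend>\d+)\((?P<length>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
)


def parse_tcpdump(text):
    """Return one dict per TCP summary line; lines that do not match are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        g = m.groupdict()
        packets.append({
            "ts": g["ts"],
            "src": g["src"], "sport": int(g["sport"]),
            "dst": g["dst"], "dport": int(g["dport"]),
            "flags": g["flags"],
            "seq": int(g["seq"]) if g["seq"] is not None else None,
            "ack": int(g["ack"]) if g["ack"] is not None else None,
        })
    return packets


def classify_handshakes(packets):
    """Pair each SYN with the first packet on the reverse 4-tuple and name the outcome."""
    results = []
    for i, syn in enumerate(packets):
        if syn["flags"] != "S":
            continue
        outcome = "no reply (dropped or unanswered)"
        for reply in packets[i + 1:]:
            if (reply["src"], reply["sport"], reply["dst"], reply["dport"]) != (
                syn["dst"], syn["dport"], syn["src"], syn["sport"]
            ):
                continue
            # tcpdump prints the ack either absolute (seq+1) or, with relative
            # sequence numbering, as "ack 1"; both mean "this answers the SYN".
            answers_syn = reply["ack"] == 1 or (
                syn["seq"] is not None and reply["ack"] == syn["seq"] + 1
            )
            if "R" in reply["flags"] and answers_syn:
                outcome = "refused (RST acknowledging the SYN)"
            elif reply["flags"] == "S." and answers_syn:
                outcome = "accepted (SYN-ACK)"
            else:
                outcome = "other (%s)" % reply["flags"]
            break
        results.append({
            "client": "%s:%d" % (syn["src"], syn["sport"]),
            "server": "%s:%d" % (syn["dst"], syn["dport"]),
            "outcome": outcome,
        })
    return results


def trace_nat_hops(captures):
    """For each capture point, report the client address seen there and the handshake outcome."""
    hops = []
    for point, text in captures.items():
        for h in classify_handshakes(parse_tcpdump(text)):
            hops.append({"point": point, "client": h["client"],
                         "server": h["server"], "outcome": h["outcome"]})
    return hops


if __name__ == "__main__":
    for hop in trace_nat_hops(CAPTURES):
        print("%-26s %-20s -> %-16s %s" % (hop["point"], hop["client"],
                                          hop["server"], hop["outcome"]))
```

Run it as-is to print one line per hop; feed `parse_tcpdump()` your own `tcpdump -n` output on each interface to see where in the chain the reply changes from RST to SYN-ACK once the redirect is in place.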