On Tuesday 24 November 2009 11:25:16 am Brian Buhrow wrote: > Hello. Each box has an internal and external address. > So, for example, I have two boxes: > 192.168.25.2 and 192.168.25.4 > Each have external addresses: > 220.127.116.11 and 18.104.22.168 > (These are theoretical numbers) > The customer wants to be on 192.168.25.2 and talk to 192.168.25.4, but > address it as 22.214.171.124. A possible way to do this is to ignore the NAT box. I'm assuming that all traffic from external goes through your NAT box and so the configuration on 192.168.25.2 and .4 just has the private IP configured. I'd add an alias on 192.168.25.2 and .4 with their external IP's of 126.96.36.199 and .4. Make their netmask small enough to cover just your external IP address range. Then, the machines will directly talk to each other on the local net and will not have to send any packets to the NAT box. Both boxes will then be using their "external IP addresses" on the internal network. They can also use their internal addresses to communicate. But on your local network you won't have a box using their internal IP to communicate with another box using its external IP. That is how you ignore the NAT box. The result: any host on the 157.22.25.x/y net looks local on the local net and no packets are sent to the NAT box. The NAT box sends external traffic to 157.22.25.z to their 192.168.25.z address and the NAT box is happy. Hosts behind the NAT box still send their packets to the NAT box if communicating to any other net other than the internal and the 157.22.25.x net. The default route of the hosts should still be the internal address of the NAT box so that the hosts use their internal addresses when sending packets to the NAT box for external routing. The only possible problem is talking to the NAT box using an external IP, but that may also be solvable. --Phil -- Phil Nelson (phil at cs.wwu.edu) http://www.cs.wwu.edu/nelson NetBSD: http://www.NetBSD.org Coda: http://www.coda.cs.cmu.edu
Description: This is a digitally signed message part.