[CS-FSLUG] FYI, in case you run into this sometime.

[Fred A. Miller]

Re: Correct config for dual nic's

On Sunday 05 April 2009 13:34:50 C****** wrote:
> What I do know is when I add 192.168.123.0 and gw of 192.168.123.x and the
> subnet in yast->routing, email starts working again and other stuff stops
> working.

Problem understood and fixed. Just a quick summary for the benefit of the
list:

The server has two interfaces, 192.168.124.0/24 and 192.168.123.0/24. On
the
124 interface, email was running, on 123 other services.

The client has a 192.168.123.0/24 address, and a gateway of 192.168.123.1.
The router didn't do any NAT between the two 192.168 networks

Without any special rules on the server, the services on the 123
interfaces on
the server worked. The client talked directly to them, and got a
response from
the 123 interface, no problem.

But when talking to email, the client sent the packet to the router,
expecting
a reply back from the router. But the server answered directly on its 123
interface. The client ignored those responses, so email failed.

With the routing rule on the server, all packets for the 123 network
were sent
to the router. Now email worked, because the client sent packets to the
router
and got responses from the router. But everything else failed, because
those
responses *also* came from the router, when the client expected responses
directly from the server

Solution: enable NAT when communicating from the 123 network to the 124
network. Now the server no longer sees the internal address as source
for the
email packets, so it responds correctly to everything

Tricky :)

-- 
"The fundamental premise of liberalism is the moral and
rational incapacity of the American people." ~ Fred Miller