Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Rob_Shears
Contributor

Is NAT required for a ClusterXL vip outbound?

I just setup a brand new ClusterXL security gateway. eth0 has a WAN facing ip as it's VIP, say X.X.X.X/30. It's a public /30, with the router ahead of me holding 1 of 2 other IPs. so the the non-virtual IPs on that interface are on 172.17.0.0/30.

Just trying to get some basic routing going.

When I ping X.X.X.X from the outside, I see it hit the FW. Be allowed but NAT'ed to 1 of the 172.17.0.0s and no reply is received by the remote end.

 

Outbound, if I ssh into one of the gateways, for starters I cannot ping -I X.X.X.X/30 8.8.8.8. It says cannot assign requested address. Maybe this is expected.

A regular attempt at a ping is also seen on the firewall but get's NAT'ed to the the Cluster VIP of my management network (Y.Y.Y.Y/24). No reply is seen on my end here either.

Both show up as NAT Rule Number 0.

eth0 is defined as the only external in topology

ICMP Requests in Global Properties are checked on.

Surely, NAT isn't required here when its meant for hosts BEHIND the gateway, no?

I feel like I'm missing something.

0 Kudos
11 Replies
This widget could not be displayed.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events