<div>The external return traffic is not going the right direction. Put your default gateway on eth1 and setup static routes on eth2 for any internal networks that aren't on the <a href="http://192.168.101.0/24"><font color="red"><b>MailScanner has detected a possible fraud attempt from "192.168.101.0" claiming to be</b></font> 192.168.101.0/24</a> subnet.</div>
<br><div class="gmail_quote">On Sun, Sep 25, 2011 at 5:41 AM, Paul Harrington <span dir="ltr"><<a href="mailto:Paul.Harrington@nmni.com">Paul.Harrington@nmni.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Hi there,<br>
<br>
I have a ZendTo Ubuntu VM installed with one nic connected to the internal network so it can authenticate internal users on our AD, I then have the other nic on the public IP so that it is available from the internet.<br>
<br>
I need to ensure requests sent through the public IP are returned via that nic, and not that on the internal nic.<br>
<br>
At the moment, my configuration is as follows, which works for the most, but the box cannot access the internet and therefore cannot send the entry to the reCAPTCHA servers, and apt-get update just times out. I cannot ping 8.8.8.8 etc either<br>
<br>
The eth1 address is on our DMZ and is mapped to a public IP by our firewall. If I put the gateway on the LAN nic, the box can access the internet, but then it is no longer reachable externally.<br>
<br>
iface eth2 inet static<br>
address 192.168.101.13<br>
netmask 255.255.255.0<br>
network 192.168.101.0<br>
dns-nameservers 192.168.101.249 192.168.101.226 8.8.8.8<br>
post-up route add -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.101.254<br>
pre-down route del -net 192.168.0.0 netmask 255.255.0.0 gw 192.168.101.254<br>
<br>
iface eth1 inet static<br>
address 172.16.1.3<br>
netmask 255.255.255.0<br>
network 172.16.1.0<br>
gateway 172.16.1.254<br>
<br>
<br>
Paul Harrington<br>
ICT Officer<br>
<br>
National Museums Northern Ireland<br>
Cultra, Holywood, Co. Down, BT18 0EU<br>
<br>
T - 028 9039 5281<br>
E - <a href="mailto:paul.harrington@nmni.com">paul.harrington@nmni.com</a><br>
<br>
[<a href="http://www.nmni.com/images/nationalmuseumslogo.gif" target="_blank">http://www.nmni.com/images/nationalmuseumslogo.gif</a>]<br>
<a href="http://www.nmni.com" target="_blank">www.nmni.com</a><<a href="http://www.nmni.com" target="_blank">http://www.nmni.com</a>><br>
<br>
<br>
<br>
This message contains confidential information and is intended only for <a href="mailto:zendto@zend.to">zendto@zend.to</a>. If you are not one of the intended recipients, you should not disseminate, distribute or copy this e-mail. Please notify <a href="mailto:paul.harrington@nmni.com">paul.harrington@nmni.com</a> immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Paul Harrington therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version.<br>
<br>
Please consider the environment before printing this email.<br>
<br>
<br>
_______________________________________________<br>
ZendTo mailing list<br>
<a href="mailto:ZendTo@zend.to">ZendTo@zend.to</a><br>
<a href="http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto" target="_blank">http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto</a><br>
</blockquote></div><br>