Hi!

I've got a problem here I need to solve...

We have a BM 3.6 server with two private NICs, one public and a DMZ NIC.


Private1: 192.168.1.254 / 255.255.255.0
Private2: 192.168.2.254 / 255.255.255.0
Public: 100.100.100.100 / 255.255.255.0
DMZ: 192.168.254.254 / 255.255.255.0

Secondary Public IPs:

100.100.100.101
100.100.100.102

Public IP is running Dynamic and Static NAT
100.100.100.101 is statically NAT'ed to DMZ on 192.168.254.101
100.100.100.102 is statically NAT'ed to DMZ on 192.168.254.102

And of course some filters in various directions...

On the DMZ I have two servers that run DNS, SMTP, web and FTP
(192.168.254.101 and 192.168.254.102).
Both these servers are accessible from the internet on the two public IP addresses:
100.100.100.101 and 100.100.100.102
The web server is running several virtual web sites on this single address.

The problem now is that the two private nets can't access the services running on these servers.
I can't sit on the private net 192.168.1.0 and access a web page on the public address: 100.100.100.101
The web servers themselves can't access their own web sites on the public address...

I can ping the two public IPs from the private net (but I guess it is the public NIC in the BM server that is answering the ping...)

I don't want to put the two servers directly on the public net. I will have them behind a firewall.

Do I need two firewalls? Or can I do it with just this one?

I've got some more public IP addresses I can't use if it requires that...




Many thanks in advance!

Tore Jacobsen