Re: Problem with NAT.

On Fri, 24 Nov 2000, MONZ wrote:
> Yury Shramko wrote:
> > The standard configuration works well (from internal to Internet and back).
> > But when I try to work with a host in the internal zone through the external address
> > I fail (only ping works). As I understand it, this takes place because in this
> > case NAT converts only the dst address and does not convert the src (but for me
> > it is necessary to convert both dst and src).
> 
> Some simple ascii drawing showing your NAT-router (firewall?) with IP's
> and some info on what can be done from which IP's to which other IP's
> will help here. Is it a Linux router or a firewall? Do you use
> masquerading?...

I use kernel 2.2.17 with ipchains + iproute2.
I have 3 zones, connected together with tunnels.
In each zone I have a firewall+gateway host. In the main zone (Gold) on this
host I do NAT for the private addresses of all zones. The main problem is:
I must make each private host accessible to anyone via its external
address.

----------------------------------------------------------
On GOLD - 192.168.0.1 NAT setup.
 
ip rule  add from 192.168.1.2      nat 194.66.33.202
ip route add nat  194.66.33.202    via 192.168.1.2

ip rule  add from 192.168.1.3      nat 194.66.33.203
ip route add nat  194.66.33.203    via 192.168.1.3
----------------------------------------------------------
 
gold-192.168.0.1   external-194.66.30.2  tunnel-10.0.0.1,10.0.0.3   
192.168.0.0/24   NAT to (194.66.33.0/24)  
 
iki-192.168.1.1    external-194.66.31.2  tunnel-10.0.0.2,10.0.0.5
192.168.1.0/24                  

office-192.168.2.1 external-194.66.32.2  tunnel-10.0.0.4,10.0.0.6
192.168.2.0/24

tunnel gold-iki    - 10.0.0.1 - 10.0.0.2
tunnel gold-office - 10.0.0.3 - 10.0.0.4
tunnel iki-office  - 10.0.0.5 - 10.0.0.6

Look at the simple case when I ping from i2 - 192.168.1.2 (194.66.33.202 - NAT) to
i3 - 192.168.1.3 (194.66.33.203 - NAT). I get:

i2 - i1 (from 192.168.1.2 to 194.66.33.203) request 
i1 - g1 (from 192.168.1.2 to 194.66.33.203) request 
g1 - i1 (from 192.168.1.2 to 192.168.1.3)  request !!! 
              ^^^^^^^^^^^    
      here I would like see (from 194.66.33.202 to 192.168.1.3) request 
                                 ^^^^^^^^^^^^^
i1 - i3 (from 192.168.1.2 to 192.168.1.3) request
i3 - i2 (from 192.168.1.3 to 192.168.1.2) reply

In this case only ping will work. All other programs fail.
Maybe I set up NAT incorrectly?

For this simple case I have a design - NAT+Masquerade - but it works only for
the simple case.

With best regards
Yury Shramko
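The hop-by-hop trace above can be checked mechanically for the symptom the post describes (destination mapped by the gateway, source left private). The following script is an added example, not code from this thread; it assumes the post's hop notation ("a - b (from S to D) kind"), the label "g1" for the NAT host, and the two static NAT pairs from the ip rule/ip route lines.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Static NAT pairs from the post's "ip rule ... nat" / "ip route add nat" lines (private -> public).
NAT_MAP = {"192.168.1.2": "194.66.33.202", "192.168.1.3": "194.66.33.203"}
PUBLIC_TO_PRIVATE = {pub: priv for priv, pub in NAT_MAP.items()}
GATEWAY = "g1"  # assumed hop label of the NAT host (gold) in the trace

# Per-hop observations, copied from the post's ping trace (marker lines omitted).
TRACE = """\
i2 - i1 (from 192.168.1.2 to 194.66.33.203) request
i1 - g1 (from 192.168.1.2 to 194.66.33.203) request
g1 - i1 (from 192.168.1.2 to 192.168.1.3) request
i1 - i3 (from 192.168.1.2 to 192.168.1.3) request
i3 - i2 (from 192.168.1.3 to 192.168.1.2) reply
"""

HOP_RE = re.compile(r"^(\w+)\s*-\s*(\w+)\s*\(from\s+(\S+)\s+to\s+(\S+)\)\s*(\w+)")


@dataclass
class Hop:
    sender: str
    receiver: str
    src: str
    dst: str
    kind: str


def parse_trace(text: str) -> List[Hop]:
    """Parse 'a - b (from S to D) kind' lines; other lines (carets, notes) are ignored."""
    return [Hop(*m.groups()) for line in text.splitlines() if (m := HOP_RE.match(line.strip()))]


def check_hairpin(hops: List[Hop]) -> List[Tuple[Hop, str]]:
    """Pair each packet entering the gateway with the one it emits next and flag the
    case in the post: dst mapped public->private while a src that is itself a NAT'ed
    private host stays untranslated, so the reply goes straight back and bypasses the
    gateway (last trace line). Returns (offending hop, source the gateway should have used)."""
    findings = []
    for inbound, outbound in zip(hops, hops[1:]):
        if inbound.receiver != GATEWAY or outbound.sender != GATEWAY:
            continue
        dst_mapped = PUBLIC_TO_PRIVATE.get(inbound.dst) == outbound.dst
        if dst_mapped and inbound.src in NAT_MAP and outbound.src == inbound.src:
            findings.append((outbound, NAT_MAP[inbound.src]))
    return findings


if __name__ == "__main__":
    for hop, want in check_hairpin(parse_trace(TRACE)):
        print(f"{hop.sender} -> {hop.receiver}: src {hop.src} left untranslated, expected {want}")
```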
