From: Ti Leggett <leggett@eecs.tulane.edu>
To: lartc@vger.kernel.org
Subject: [LARTC] Routing with SNAT
Date: Fri, 22 Feb 2002 13:31:32 +0000
Message-ID: <marc-lartc-101438475016917@msgid-missing>

I've been having some problems recently with regard to getting a
particular configuration set up. Excuse me if this has been asked before
but I couldn't think of a way to search for this type of question. What
I have is this: a wireless NAP that does PPPoE, an ARM netwinder running
Debian, an Intel box running RedHat/Windows. I'm currently using DSL and
get a static IP via PPPoE. What I want to do is this:

- I want the wireless NAP to connect to my DSL (ARM pppoe just isn't
there yet).
- I want the netwinder right behind the NAP and fully open to the
internet (this is achieved using the NAP's DMZ feature)
- The netwinder will run netfilter doing my packet filtering, NAT, and
traffic shaping
- The netwinder will also be connected to a hub
- All machines behind the netwinder will connect to the hub and use the
netwinder's NAT to gain net

Let's say my static IP is 1.2.3.4. The NAP's local address is
192.168.123.254. The netwinder's interface to the NAP (eth0) is
192.168.123.1. The netwinder's hub interface (eth1) is 192.168.1.1. The
netwinder's default route is 192.168.123.254. All other machines
connected to the hub are in the network 192.168.1.0/24 and have the
default route 192.168.1.1. On the netwinder I use netfilter to do SNAT
using the following rule:

-t nat -A POSTROUTING -s 192.168.1.0/255.255.255.0 -o eth0 -j SNAT --to 1.2.3.4

What works:

- The netwinder can see both local nets .123 and .1 as well as the
outside internet
- All machines behind the netwinder get one way communication outwards.
Example:

On the Intel machine which has address 192.168.1.2 I try to ping 2.3.4.5
(an outside IP). I have root access on 2.3.4.5 so I put the ethernet
interface into promiscuous mode and run "tcpdump -i eth0 -p icmp". On
the netwinder I put eth0 into promiscuous mode and do the same. What I
see is that the netwinder sees the outgoing ICMP requests with my static
IP (1.2.3.4). 2.3.4.5 sees the request coming from 1.2.3.4 and sends
replies. The netwinder never sees the replies. What I've gathered is
that the netwinder needs to broadcast that it is the route for 1.2.3.4
so that these return packets get past the NAP and routed to the
netwinder. In my searching I haven't found how to do this. Can anyone
let me know how this might be achieved or let me know the proper way to
get this working? Thanks!

-Ti Leggett
leggett@eecs.tulane.edu




_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/lartc/
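
An added example, not part of the original post and not the poster's code: a small Python model of the SNAT rule quoted in the message, tracing which address the ping reply is sent to and whether the netwinder holds that address on any interface. The /24 mask on eth0 and the comparison rule translating to 192.168.123.1 are assumptions constructed for illustration.

```python
import ipaddress

# Addresses from the post; the /24 on eth0 is an assumption (the post gives no mask).
IFACES = {"eth0": ipaddress.ip_interface("192.168.123.1/24"),
          "eth1": ipaddress.ip_interface("192.168.1.1/24")}

def snat(packet, rule):
    """Model one POSTROUTING SNAT rule: rewrite the source if -s and -o match."""
    src_net = ipaddress.ip_network(rule["src"])
    if ipaddress.ip_address(packet["src"]) in src_net and packet["out"] == rule["out"]:
        return dict(packet, src=rule["to"])
    return dict(packet)

def trace(packet, rule, ifaces=IFACES):
    """Follow one packet out through the rule and report where its reply is addressed."""
    on_wire = snat(packet, rule)
    reply_dst = ipaddress.ip_address(on_wire["src"])  # the peer answers the source it saw
    return {
        "wire_src": on_wire["src"],
        "reply_dst": str(reply_dst),
        # Does the NAT box hold this address on one of its interfaces?
        "box_owns_reply_dst": any(reply_dst == i.ip for i in ifaces.values()),
        # Is the address at least inside a directly connected network?
        "reply_dst_on_link": any(reply_dst in i.network for i in ifaces.values()),
    }

# The ping described in the post, leaving the netwinder via eth0.
PING = {"src": "192.168.1.2", "dst": "2.3.4.5", "out": "eth0"}
RULE_FROM_POST = {"src": "192.168.1.0/255.255.255.0", "out": "eth0", "to": "1.2.3.4"}
# Constructed variant for comparison: translate to the box's own eth0 address.
RULE_OWN_ADDR = dict(RULE_FROM_POST, to="192.168.123.1")

if __name__ == "__main__":
    for name, rule in (("post", RULE_FROM_POST), ("own-address", RULE_OWN_ADDR)):
        print(name, trace(PING, rule))
```

With the rule from the post, the reply is addressed to 1.2.3.4, which the model shows is neither configured on the netwinder nor inside a network it is directly attached to; delivery of that reply therefore depends entirely on whichever device holds 1.2.3.4.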
