From: Amos Jeffries <squid3@treenet.co.nz>
To: dmiller@amfes.com
Cc: Mail List - Netfilter <netfilter@vger.kernel.org>
Subject: Re: Basic Routing
Date: Tue, 04 Nov 2008 12:40:50 +1300
Message-ID: <490F8C02.4060107@treenet.co.nz>
In-Reply-To: <490F537B.7070506@amfes.com>
Daniel L. Miller wrote:
> Daniel L. Miller wrote:
>> Grant Taylor wrote:
>>> Is this close to what you are wanting to happen? (Let me know before
>>> I explain how to make this happen.)
>> Um...no. Too complicated.
>>
Daniel,
Let's cut this right back to the basics and answer your original question:
1) NAT is needed to change private IPs (192.168.0.0/16) to Internet
IPs. It does not in itself send packets anywhere.
2) Everything else just uses straight routing.
Puddles of NAT around the rest of the Internet are invisible and
completely ignored by your systems.
> Now that we're discussing that - let's change gears and talk about it
> differently.
>> A==>C<==>D<===B
> No Internet - but still private networks. So Router C has a route for
> the network 'A' 192.168.0.0/24 and route to reach router 'D'. Router
> 'D' knows about network 'B' 192.168.1.0 and router 'C'. D and C talk to
> each other, just because, on their own network of 172.16.0.0/16.
>
> Is any NAT required for this conversation? In particular - do Linux
> routers require SNAT lines for this? Or just routing tables?
NAT is different to routing. All it does is change the private IPs
back-n-forth. Plain old routing is still needed to get the private
packets to the NAT place and then the public packets out across the
Internet.
Let's follow that sequence:
A creates a packet(A->D) and 'routes' it to C.
C takes the packet(A->D). NATs it packet(C->D). then routes it to B
B takes the packet(C->D). NATs it packet(B->D). then routes it to D.
D takes the packet(B->D).
D replies with packet(D->B).
B takes the packet(D->B) and NATs it packet(D->C). then routes it to C.
C takes the packet(D->C) and NATs it packet(D->A). then routes it to A.
A gets reply packet(D->A)
Far more complicated than it needs to be, yes?
So NAT only happens when one of the IPs needs to be changed (i.e. from a
private IP to a 'public' one, or from one private to another private).
If you really have different 192.168.*.0/24 networks at A and B, AND
also control the network C-D, you should be able to get away without NAT,
by simply setting the route table of C to route B network through D,
and D route table to route network A through C.
AYJ
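
The no-NAT setup described in the message above, as an added example that is not part of the original post: a small longest-prefix-match simulation of routers C and D showing that two static routes are enough and that addresses are never rewritten. The router addresses on 172.16.0.0/16, the host addresses and the /24 mask for network B are assumptions made for this sketch.

```python
import ipaddress

# Constructed topology from the thread: network A behind router C, network B
# behind router D, C and D joined by 172.16.0.0/16.
NET_A = ipaddress.ip_network("192.168.0.0/24")
NET_B = ipaddress.ip_network("192.168.1.0/24")   # /24 is assumed
LINK = ipaddress.ip_network("172.16.0.0/16")


def make_tables(with_static_routes=True):
    """Per-router tables of (destination network, next-hop router or None if connected)."""
    c = [(NET_A, None), (LINK, None)]
    d = [(NET_B, None), (LINK, None)]
    if with_static_routes:
        # On C (D assumed at 172.16.0.2): ip route add 192.168.1.0/24 via 172.16.0.2
        c.append((NET_B, "D"))
        # On D (C assumed at 172.16.0.1): ip route add 192.168.0.0/24 via 172.16.0.1
        d.append((NET_A, "C"))
    return {"C": c, "D": d}


def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None when no route exists."""
    best = None
    for net, hop in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best


def forward(src, dst, first_router, tables, max_hops=8):
    """Route a packet hop by hop without touching its addresses.

    Returns (routers traversed, (src, dst) as delivered) or (routers, None) if dropped.
    """
    packet = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    path, router = [], first_router
    for _ in range(max_hops):
        path.append(router)
        match = lookup(tables[router], packet[1])
        if match is None:
            return path, None                       # no route: packet dropped
        if match[1] is None:
            return path, (str(packet[0]), str(packet[1]))  # on a connected network
        router = match[1]
    return path, None                               # hop limit reached (routing loop)
```

With the static routes removed, C has no entry for 192.168.1.0/24 and drops the packet, which is the situation people often try to paper over with SNAT.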