  1. #1
    Just Joined!
    Join Date
    Jan 2012
    Posts
    2

    "Special" NATing problem...


    Hello,

    I'm having trouble figuring out exactly how to do the following:

    I'm trying to forward/route internal private traffic (e.g. from a PC with IP 192.168.1.100) via the router's internal (br-lan) eth0 interface gateway (192.168.1.1) to a public server IP (210.10.10.20), which only accepts connections coming from inside an ALG (Application Layer Gateway) interface named iptvwan, the eth1 interface, 10.20.20.10.

    The issue here is: I need the IP 192.168.1.100 to be visible to the public server from the iptvwan eth1 interface. I do NOT want to masquerade it - that's what I've got implemented right now (I don't want the eth1 interface [10.20.20.10] replacing the src IP of packets coming from 192.168.1.100 with its own 10.20.20.10). I don't mind if there's PAT, but I do need to keep the outside IP equal to the internal IP.

    Here is a diagram of what I'm looking for: fwrd.jpg


    Anyway, here are some packets that I've captured on a Thomson router, showing it working the way I would like to implement it:

    Code:
    www(dot)cloudshark(dot)org/captures/22bc1ab5ccf7
    
    note 1: Replace (dot) with a .
    
    note 2: Since I haven't reached the 15-post quota, I apologise, but this is the only way I can post the above link.
    obs: If you look carefully, you'll see that it looks as if the private IP is talking directly to the public IP (and vice versa), as if it were being routed.


    So, how can I do this? I'm a little bit confused about what type(s) of NAT I need in order to replicate the above. Do I need:

    - port-restricted cone NAT?
    - NAT reflection / hole punching?
    - hairpin translation?
    - other?

    ...and how can I implement this with iptables? Do I need to forward/NAT through loopback?

    If someone could shed some light on this I would appreciate it.

    btw: I'm trying to implement this on a DrayTek using a special/modified version of OpenWrt...
    Last edited by Keeper75; 01-22-2012 at 03:09 AM. Reason: changed to a shorter capture...

  2. #2
    Linux User
    Join Date
    Dec 2009
    Posts
    260
    Hi, for me it looks like a simple forward.

    The two networks you mentioned are on one router.
    Like:
    eth0.1 192.168.1.1/24
    eth0.2 10.20.20.1/24

    All that needs to be done is:
    - enable forward (since it's a router that should be done already)
    - check iptables forward rules

    like:
    # -o selects the outgoing interface (-d expects an address, not an interface name)
    iptables -A FORWARD -i eth0.1 -o eth0.2 -j ACCEPT
    iptables -A FORWARD -i eth0.2 -o eth0.1 -j ACCEPT

    That says all traffic from interface eth0.1 to eth0.2 is allowed;
    the second row likewise for the other direction.

    That should be it.

  3. #3
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    First of all, it doesn't look as if what you want is a NAT! To me it looks like you want to merge both subnets (192.168.1.0/24 and 10.20.20.0/24)? That would be the easiest thing to do, but obviously with the side effect that every host in both subnets can then talk to each other. If that's not wanted, you could set up the router to route packets from one subnet into the other.

    And here you can read up how that is done:

    $ man route
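Putting the two replies above together (plain forwarding with no source rewriting on the WAN side, plus a route back for the private subnet), here is an added example that is not part of either poster's reply. The interface names and addresses are the ones from the original post (br-lan, eth1 at 10.20.20.10, 192.168.1.0/24, server 210.10.10.20); the script layout, the function names, the DROP policy and the conntrack-state rule for replies are assumptions of this example. It uses `ip route` in place of the older `route` command mentioned above.

```shell
#!/bin/sh
# Added example (not from the thread): generate a source-preserving forwarding
# ruleset for the topology in the original post. Interface names and addresses
# are the poster's; everything else here is an assumption.

LAN_IF=br-lan
LAN_NET=192.168.1.0/24
WAN_IF=eth1
WAN_IP=10.20.20.10
SERVER=210.10.10.20

# Emit an iptables-restore ruleset. The important part is what is absent:
# no MASQUERADE and no SNAT on the WAN interface, so packets leave it with
# their original 192.168.1.x source address. Only the filter table does work.
gen_rules() {
    lan_if=$1; lan_net=$2; wan_if=$3; server=$4
cat <<EOF
*filter
:FORWARD DROP [0:0]
# LAN -> server only (tighten further by port if the ALG is port-specific)
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -d $server -j ACCEPT
# replies are admitted by conntrack state; nothing else is forwarded
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
# intentionally empty: no source rewriting on $wan_if, so the LAN address survives
COMMIT
EOF
}

# The far side has to know the way back: the server (or the ALG in front of
# it) needs a route for the private subnet via the router's WAN address,
# otherwise replies to 192.168.1.x go to its default gateway and are lost.
gen_return_route() {
    echo "ip route add $1 via $2"
}

# Sanity check: the generated ruleset must not contain any source NAT.
check_no_masquerade() {
    ! gen_rules "$@" | grep -Eq 'MASQUERADE|SNAT'
}

# Load the ruleset on the router (needs root) and print the server-side route.
apply() {
    sysctl -w net.ipv4.ip_forward=1
    gen_rules "$LAN_IF" "$LAN_NET" "$WAN_IF" "$SERVER" | iptables-restore
    echo "# on $SERVER run: $(gen_return_route "$LAN_NET" "$WAN_IP")"
}

case "${1:-}" in
  apply) apply ;;
  *) gen_rules "$LAN_IF" "$LAN_NET" "$WAN_IF" "$SERVER"
     echo "# on $SERVER run: $(gen_return_route "$LAN_NET" "$WAN_IP")" ;;
esac
```

Without an argument the script only prints the ruleset; `apply` loads it. Two caveats: the `*filter` section replaces the whole filter table when fed to `iptables-restore`, so on OpenWrt merge the two FORWARD lines into the existing firewall rules instead of loading this as-is, and the whole approach only works if the upstream side really does route 192.168.1.0/24 back through 10.20.20.10. If the ALG insists on sources from its own subnet, no iptables rule on the router can keep the inside address visible, and that is exactly the case where masquerading or a 1:1 mapping becomes unavoidable.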
