#1

    "Special" NATing problem...


    I'm having trouble figuring out exactly how to do the following:

    I'm trying to forward/route internal private traffic (e.g. from one PC with IP by using a router's internal (br-lan) eth0 interface gateway ( to a public server IP (, which only accepts connections coming from inside an ALG (Application Layer Gateway) interface, which is named iptvwan; eth1 interface -

    The issue here is: I need the IP to be visible to the public server from the iptvwan eth1 interface. I do NOT want to masquerade it - that's what I've got implemented right now (I don't want the eth1 interface [] changing the src IP of packets coming from with its own. I don't mind if there's PAT... but I do need to keep the outside IP equal to the internal IP.

    Here is a diagram of what I'm looking for: fwrd.jpg

    Anyway, here are some packets that I've captured on a Thomson router, showing it working the way I would like to implement it:

    note 1: Replace (dot) by a .
    note 2: Since I haven't reached the 15 posts quota, I apologize but this is the only way I can post the above link
    obs: If you look carefully, you'll see that it looks as if the private IP is talking directly to the public IP (and vice versa), as if it was being routed.

    So, how can I do this? I'm a little bit confused on what type(s) of NAT I need, so to be able to replicate the I need a:

    - port restricted cone nat?
    - nat reflection / hole punching?
    - hairpin translation ?
    - other ?

    ...and how can I implement this with iptables? Do I need to forward/NAT through loopback?

    If someone could shed some light on this I would appreciate it.

    BTW: I'm trying to implement this on a DrayTek using a special/modified version of OpenWrt...
    Last edited by Keeper75; 01-22-2012 at 04:09 AM. Reason: changed to a shorter capture...

#2
    Hi, for me it looks like a simple forward.

    The two networks you mentioned are on one router.

    All that needs to be done is:
    - enable forward (since it's a router that should be done already)
    - check iptables forward rules

    # -o selects the outgoing interface; -d expects an address, not an interface name
    iptables -A FORWARD -i eth0.1 -o eth0.2 -j ACCEPT
    iptables -A FORWARD -i eth0.2 -o eth0.1 -j ACCEPT

    This says that all traffic from network interface 0.1 to 0.2 is allowed;
    the second row likewise for the other side.

    That should be it.
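    A ruleset for the routed, non-masqueraded setup this answer describes, written out as an added example (not code from the thread). eth0/eth1 and the address ranges are placeholders because the thread's own values did not survive, and the nat POSTROUTING ACCEPT is there to keep an existing MASQUERADE rule from rewriting the source address:

```shell
#!/bin/sh
# Added example (not from the thread): plain routing between a LAN-side
# interface and the WAN-side interface without MASQUERADE, so the public
# server sees the internal source address unchanged.
# Interface names and addresses are placeholders; override via environment.
LAN_IF="${LAN_IF:-eth0}"                 # internal (br-lan) side
WAN_IF="${WAN_IF:-eth1}"                 # the "iptvwan" side
LAN_NET="${LAN_NET:-192.0.2.0/24}"       # constructed: documentation range
SERVER="${SERVER:-198.51.100.10}"        # constructed: public server address

# Emit the iptables commands one per line so they can be reviewed first.
#  1. ACCEPT in nat/POSTROUTING ends nat-table traversal for this flow, so a
#     MASQUERADE rule on $WAN_IF further down never rewrites its source.
#  2. Allow the forward path LAN -> server.
#  3. Allow only replies (conntrack state) back from the server to the LAN.
build_rules() {
    cat <<EOF
iptables -t nat -I POSTROUTING 1 -s $LAN_NET -d $SERVER -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $SERVER -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -s $SERVER -d $LAN_NET -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Apply the rules for real (needs root and iptables on the router).
apply_rules() { build_rules | sh -e; }

# Return 0 when the kernel forwards IPv4 packets, 1 otherwise.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Return 0 if none of the emitted rules masquerades the flow (self-check).
no_masquerade() {
    ! build_rules | grep -q MASQUERADE
}

if forwarding_enabled; then
    echo "ip_forward is on"
else
    echo "ip_forward is off: run 'sysctl -w net.ipv4.ip_forward=1' first"
fi
build_rules
```

    Replies only return if the server side routes the private range back toward this router, which is the direct private-to-public exchange the question's Thomson capture shows.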

#3
    Linux Engineer Kloschüssel
    First of all, it doesn't look as if what you want is a NAT! To me it looks like you would want to merge both subnets ( That would be the easiest thing to do, but obviously with the side effect that every host in both of the subnets can then talk to each other. If that's not wanted, you could set up the router to route packets from one subnet into the other.

    And here you can read up how that is done:

    $ man route
