Results 1 to 3 of 3
Hello, I'm having trouble on figuring out exactly how to do the following: I'm trying to forward/route internal private traffic (e.g.: from one PC with IP 192.168.1.100) by using a ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 01-21-2012 #1
- Join Date
- Jan 2012
"Special" nating problem...
I'm having trouble on figuring out exactly how to do the following:
I'm trying to forward/route internal private traffic (e.g.: from one PC with IP 192.168.1.100) by using a router internal (br-lan) eth0 interface gateway (192.168.1.1) to a public server ip (188.8.131.52), which only accept connections coming from inside a ALG (Application Layer Gateway) interface, which is named: iptvwan; eth1 interface - 10.20.20.10.
The issue here is: i need that the ip 192.168.1.100 to be visible to the public server, from the iptvwan eth1 interface. I do NOT want to masquerade it - that's what i've got right now implemented (i don't want eth1 interface [10.20.20.10] changing the src ip of packets coming from 192.168.1.100 with it's own 10.20.20.10). I don't mind if there's a PAT...but i do need to keep the outside ip equal to the internal ip.
here it is a diagram of what i'm looking for: fwrd.jpg
Anyway, here are some packets that i've captured on a thomson router, showing it working like i would like to implement:
www(dot)cloudshark(dot)org/captures/22bc1ab5ccf7 note 1: Replace (dot) by a . note 2: Since i haven't reached the 15 posts quota, i apologize but this is the only way i can post the above link
So, how can i do this? i'm a little bit confused on what type(s) of nat do i need, so to be able to replicate the above...do i need a:
- port restricted cone nat?
- nat reflection / hole punching?
- hairpin translation ?
- other ?
...and how can i implement this with iptables? do i need to forward/nat through loopback?
if someone could share some shed of light i would appreciate it.
btw: i'm trying to implement this on a draytek using a special/modified version of openwrt...
Last edited by Keeper75; 01-22-2012 at 03:09 AM. Reason: changed to a shorter capture...
- 01-22-2012 #2
- Join Date
- Dec 2009
Hi for me it looks like a simple forward.
The two networks you mentioned are on one router.
All that needs to be done is:
- enable forward (since it's a router that should be done already)
- check iptables forward rules
iptables -A FORWARD -i eth0.1 -d eth0.2 -j ACCEPT
iptables -A FORWARD -i eth0.2 -d eth0.1 -j ACCEPT
Tells that all traffic from network interface 0.1 to 0.2 is allowed.
second row likewise the other side.
That should be it.
- 01-23-2012 #3
First of all, it doesn't look like as if what you want is a NAT! To me it would look like you would want to merge both subnets (192.168.1.0/24 10.20.20.0/24)? That would be the easiest thing to do, but obviously with the sideeffect that every host in both of the subnets can then talk to each other. If that's not wanted, you could setup the router to route packets from one subnet into the other.
And here you can read up how that is done:
$ man route