[nos-bbs] Jnos & NAT

(Skip) K8RRA k8rra at ameritech.net
Wed Sep 10 12:27:30 EDT 2008


Greetings to the jnos networking grues...

I have tried to marry jnos and NAT with disheartening results.  I wonder
if I've chosen an impossible combination?

The objective is this:
I'd like to use any browser on the LAN my jnos is hooked to in order to
see what http servers from various jnos sites are serving up.  Simple
enough?

My Linux workstation 192.186.1.32 on the gfvhome.org private domain at
192.168.1.0/24 has the jnos task on the F4 console.  My jnos is
k8rra.ampr.org 44.102.132.20 with tun0 linking the jnos stack to the LAN.

In addition I have tango.k8rra.ampr.org 44.102.132.46 registered and
chose to masquerade this address using the NAT function of iptables on the
workstation holding jnos.  Therefore as a first step toward my objective
I added to autoexec.nos:
  1) an arp broadcast to cause my jnos to collect ...46 packets as;
       arp publish 44.102.132.46 ax25 K8RRA-1 vhf
  2) a route to direct ...46 traffic to the host as;
       route add 44.102.132.46 tun0
And I also added a couple rules in iptables to process tun0 traffic with
SNAT packets from 192.168.1.32 and DNAT from 44.102.132.46.

So after doing all that, and issuing a ping to my neighbor node from the
workstation terminal, I see what appears to be a valid packet go out and
return on the RF port  -->  so it seems much of the setup works
correctly.  BUT, rather than placing the incoming response packet onto
tun0, my jnos responds to my neighbor over RF with "ICMP: type
Unreachable code Host".  So I'm baffled.  After searching the jnos menu
of commands for a solution without success, I'm turning to someone who
has already been successful for help.

My present opinion is that jnos has erred in responding "UNREACHABLE"
after receiving that packet addressed to ...46.  It seems to me that
jnos has been directed to place the ...46 traffic onto the tun0 interface
to dispose of it rather than processing the ICMP response.  Clearly my
configuration could be [probably is] wrong.

Perhaps in error I stopped testing with the ping response and did not
further test the browser [or other service] packet handling.  OOPS?

If anyone has gone down this path successfully before, could you help
straighten out my configuration?

73
de [George (Skip) VerDuin] K8RRA k




