[nos-bbs] Routers and NAT
George [ham] VerDuin
k8rra at ameritech.net
Sun Feb 28 17:27:30 EST 2010
Hi Kerry.
On 02/28/2010 03:43 PM, Kerry Smith wrote:
> I have a Linksys Router which I started to use and have found the
> following problem. When putting JNOS on the DMZ Port, I CAN
> receive the encapsulated packets, but when nos sends back out, it
> will not nat the 44 ip addy.
>
To make sure I understand: After jnos encaps the 44... packet, the
Linksys will not NAT the LAN IP thus breaking any reply packets from the
remote end?
One thing I noticed in earlier work is that some routers refuse to do
anything with IPs falling outside the LAN IP address set. Addresses may
only differ "inside" the netmask definition. Thus the workaround is a
tun configuration for the tun device with a LAN address [not 44...] on
the jnos stack side, which prevents the router from seeing any 44... IP.
> Does anyone have a copy of the said config for the router, or does
> anyone have a work around that I can use to fix this problem?
>
Nothing on specific router configs -- however I'd LOVE to include this
kind of info in the jnoswiki.
Sometimes I hear the advice "Go to Salvation Army and get an old slow
desktop, load Linux, and use iptables for your firewall. If the BIOS
supports LAN boot, then pull the HD and use PXEboot, unless you want to
also put a proxy on the same host." After having a few iptables
failures of my own [lack of training] I shirk from such advice.
> Again, I've got Static IP, into a DSL Router (IN Bridge Mode).
> This when connected to the nos box works perfect. BUT, when I
> try to add in the home network, the CHEAP consumer routers kill
> me off. The linksys router doesn't have the option for DD-WRT.
>
Best of luck with this one.
Skip