[nos-bbs] Routers and NAT

George [ham] VerDuin k8rra at ameritech.net
Sun Feb 28 17:27:30 EST 2010

Hi Kerry.

On 02/28/2010 03:43 PM, Kerry Smith wrote:
> I have a Linksys Router which I started to use and have found the
> following problem.  When putting JNOS on the DMZ Port, I CAN
> receive the encapsulated packets, but when nos sends back out, it
> will not nat the 44 ip addy.
To make sure I understand:  After jnos encaps the 44... packet, the 
Linksys will not NAT the LAN IP thus breaking any reply packets from the 
remote end?

One thing I noticed in earlier work is that some routers refuse to do 
anything with IPs falling outside the LAN IP address set.  Addresses may 
only differ "inside" the netmask definition.  Thus the workaround is a 
tun configuration for the tun device with a LAN address [not 44...] on 
the jnos stack side prevents the router from seeing any 44... IP.

> Does anyone have a copy of the said config for the router, or does
> anyone have a work around that I can use to fix this problem?
Nothing on specific router configs -- however I'd LOVE to include this 
kind of info in the jnoswiki.

Sometimes I hear the advise "Go to Salvation Army and get an old slow 
desktop, load Linux, and use iptables for your firewall.  If the BIOS 
supports LAN boot, then pull the HD and use PXEboot, unless you want to 
also put a proxy on the same host."  After having a few iptables 
failures of my own [lack of training] I shirk from such advise.

> Again, I've got Static IP, into a DSL Router (IN Bridge Mode).
> This when connected to the nos box works perfect.  BUT, when I
> try to add in the home network, the CHEEP consumer routers kill
> me off.  The linksys router doesn't have the option for DD-WRT.
Best of luck with this one.

More information about the nos-bbs mailing list