[nos-bbs] Routers and NAT
Kerry Smith
n3nxo at yahoo.com
Sun Feb 28 21:50:06 EST 2010
What I'm seeing in the Linksys is this...

I test a telnet connection into the Nos box. On the ETH0 trace, I
see the packet come in from the external NON 44 IP to the Internal
box IP, such as -- source 24.24.24.24 Dest 192.168.0.100

I then see on the encap trace, the packet de-encapsulated
such as -- source 24.24.24.24 Dest 44.80.32.186

The nos box responds to the 24.24.24.24 with a packet such
as -- source 44.80.32.186 Dest 24.24.24.24

This ip does not get encapsulated since the destination is
a NON 44 addy. This is VERY Normal.

If I connect directly to the DSL Modem and hard code my static
ip into the box, everything talks. Works both ways and all.
(this is without the linksys router)

--- On Sun, 2/28/10, George [ham] VerDuin <k8rra at ameritech.net> wrote:
> From: George [ham] VerDuin <k8rra at ameritech.net>
> Subject: Re: [nos-bbs] Routers and NAT
> To: nos-bbs at tapr.org
> Date: Sunday, February 28, 2010, 5:27 PM
> Hi Kerry.
>
> On 02/28/2010 03:43 PM, Kerry Smith wrote:
> > I have a Linksys Router which I started to use and have found the
> > following problem. When putting JNOS on the DMZ Port, I CAN
> > receive the encapsulated packets, but when nos sends back out, it
> > will not nat the 44 ip addy.
> >
> To make sure I understand: After jnos encaps the
> 44... packet, the Linksys will not NAT the LAN IP thus
> breaking any reply packets from the remote end?
>
> One thing I noticed in earlier work is that some routers
> refuse to do anything with IPs falling outside the LAN IP
> address set. Addresses may only differ "inside" the
> netmask definition. Thus the workaround is a tun
> configuration for the tun device with a LAN address [not
> 44...] on the jnos stack side prevents the router from
> seeing any 44... IP.
>
> > Does anyone have a copy of the said config for the router, or does
> > anyone have a work around that I can use to fix this problem?
> >
> Nothing on specific router configs -- however I'd LOVE to
> include this kind of info in the jnoswiki.
>
> Sometimes I hear the advice "Go to Salvation Army and get
> an old slow desktop, load Linux, and use iptables for your
> firewall. If the BIOS supports LAN boot, then pull the
> HD and use PXEboot, unless you want to also put a proxy on
> the same host." After having a few iptables failures
> of my own [lack of training] I shirk from such advice.
>
> > Again, I've got Static IP, into a DSL Router (IN Bridge Mode).
> > This when connected to the nos box works perfect. BUT, when I
> > try to add in the home network, the CHEAP consumer routers kill
> > me off. The linksys router doesn't have the option for DD-WRT.
> >
> Best of luck with this one.
> Skip