Re: Problem with NAT.

From: Yury Shramko (
Date: Mon Nov 27 2000 - 07:40:13 EST

On Fri, 24 Nov 2000, MONZ wrote:
> Yury Shramko wrote:
> > Standard configuration works well (from internal to Internet and back).
> > But when I try to work with a host in the internal zone through the external address
> > I fail (only ping is working). As I understand, this takes place because in this
> > case NAT converts only the dst address and does not convert the src (but for me
> > it is necessary to convert both dst and src).
> Some simple ascii drawing showing your NAT-router (firewall?) with IP's
> and some info on what can be done from which IP's to which other IP's
> will help here. Is it a Linux router or a firewall? Do you use
> masquerading?...

I use kernel 2.2.17 with ipchains + iproute2.
I have 3 zones that are connected together with tunnels.
In each zone I have a firewall+gateway host. In the main zone (Gold) on this
host I make NAT for the private addresses of all zones. The main problem is:
I must make each private host accessible from anyone external

On GOLD - NAT setup.
ip rule add from nat
ip route add nat via

ip rule add from nat
ip route add nat via
gold- external- tunnel-, NAT to (
iki- external- tunnel-,

office- external- tunnel-,

tunnel gold-iki - -
tunnel gold-office - -
tunnel iki-office - -

Look at the simple case when I ping from i2 - - NAT) to
i3 - ( - NAT); I get:

i2 - i1 (from to request
i1 - g1 (from to request
g1 - i1 (from to request !!!
      here I would like to see (from to request
i1 - i3 (from to request
i3 - i2 (from to reply

In this case only ping works. All other programs fail.
Maybe I set up NAT incorrectly?

For this simple case I have a design - NAT+Masquerade, but it works only for the
simple case.

With best regards
Yury Shramko
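The trace above shows the stateless-NAT asymmetry in the post: g1 rewrites only the destination, the request reaches i3 with i2's private source, and i3 answers i2 directly over the iki-office tunnel with its private address, so the reply never passes g1. The model below is an added example, not code from the post or from iproute2; every address is a constructed placeholder (RFC 1918 for private hosts, TEST-NET-1 192.0.2.0/24 standing in for the external block), and the route() choice between the direct tunnel and g1 is an assumption made to reproduce the described path. It contrasts the observed dst-only rewrite with a hairpin rewrite of both src and dst at g1, which is the "convert both dst and src" the author asks for.

```python
"""Model of stateless (iproute2-style) NAT on a 2.2-era gateway and why a
hairpin flow between two private zones breaks when only the destination is
rewritten.  Added example; all addresses are constructed placeholders, not
the addresses from the original post."""

from dataclasses import dataclass, replace

# Constructed topology: gateway g1 owns the external addresses and
# translates them to private hosts in the two remote zones.
I2_PRIV, I2_EXT = "10.2.0.2", "192.0.2.2"   # host i2 in zone iki
I3_PRIV, I3_EXT = "10.3.0.3", "192.0.2.3"   # host i3 in zone office

# 'ip route add nat EXT via PRIV'  -> inbound dst rewrite at g1 (modelled)
DST_NAT = {I2_EXT: I2_PRIV, I3_EXT: I3_PRIV}
# 'ip rule add from PRIV nat EXT'  -> outbound src rewrite at g1 (modelled)
SRC_NAT = {I2_PRIV: I2_EXT, I3_PRIV: I3_EXT}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # "icmp" or "tcp"


def gateway_nat(pkt: Packet, hairpin: bool) -> Packet:
    """Stateless translation at g1.

    Without hairpin: only the destination is mapped (what the post observed).
    With hairpin: when the destination is one of our external addresses and
    the source is a private host we also own, the source is rewritten to its
    external address too, which forces the reply back through g1."""
    out = pkt
    if pkt.dst in DST_NAT:
        out = replace(out, dst=DST_NAT[pkt.dst])
        if hairpin and pkt.src in SRC_NAT:
            out = replace(out, src=SRC_NAT[pkt.src])
    elif pkt.src in SRC_NAT:  # ordinary private -> Internet direction
        out = replace(out, src=SRC_NAT[pkt.src])
    return out


def route(pkt: Packet) -> str:
    """Next hop chosen by the zone gateways (assumed routing): 10.x.x.x
    destinations go over the direct iki-office tunnel, 192.0.2.x
    destinations go to g1, which owns that block."""
    return "g1" if pkt.dst.startswith("192.0.2.") else "direct-tunnel"


def simulate(hairpin: bool) -> dict:
    """i2 opens a connection to i3's external address; i3 answers whatever
    source it saw.  Returns the reply as delivered to i2 and whether i2's
    stack could match it to the socket that sent the request."""
    request = Packet(I2_PRIV, I3_EXT, "tcp")
    at_i3 = gateway_nat(request, hairpin)           # request always crosses g1
    reply = Packet(src=at_i3.dst, dst=at_i3.src, proto=at_i3.proto)
    if route(reply) == "g1":                        # only true when src was rewritten
        reply = gateway_nat(reply, hairpin)         # dst I2_EXT->I2_PRIV, src I3_PRIV->I3_EXT
    return {
        "reply_src": reply.src,
        "reply_dst": reply.dst,
        # a TCP SYN-ACK must come from the peer address the SYN was sent to
        "matches_socket": reply.src == request.dst and reply.dst == request.src,
    }


if __name__ == "__main__":
    for mode in (False, True):
        print("hairpin" if mode else "dst-only", simulate(mode))
```

With dst-only rewriting the reply reaches i2 from 10.3.0.3 while i2 sent to 192.0.2.3; ping still appears to work because the ICMP echo reply is matched on id/sequence rather than on the source address, whereas a TCP SYN-ACK from an address i2 never connected to finds no socket. With the hairpin rewrite the reply is addressed to 192.0.2.2, is routed back through g1, and arrives as 192.0.2.3 -> 10.2.0.2, which is what the "here I would like to see" line in the trace asks for; in a stateless scheme that symmetry has to be configured for both directions explicitly.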


This archive was generated by hypermail 2b29 : Thu Nov 30 2000 - 21:00:28 EST