Re: ipnat with alias?



"Gretch" <gretchen@xxxxxxxxxxxx> writes:

> Will someone tell me please how to enable nat for the alias on an interface,
> if that is indeed what I need here? Or do I just need a route? The goal is
> to have the 10/16 communicate with the 192.168.1/24. The 10/16 get to the
> Internet fine through the sip0 primary address, and the 192.168.1/24 can
> ping the 10/16. The 10/16 cannot ping the 192.168.1/24 however.

It's hard to tell whether you need NAT but I suspect you
don't. Roughly speaking NAT is needed when you have

bunch of machines ---- router ---- bunch of machines

such that the addresses of one bunch are *unroutable* from the other
bunch's point of view.

The typical example is when one bunch are on an "internal" network and
have 10/8 or 192.168/16 addresses and the other bunch is "the
internet", because addresses like 10/8 are reserved for local use and
a random machine on the internet will not, of course, have a route for
them.

In such a situation the unroutable addresses need to be translated
(NAT) into routable addresses, and since in the typical example above
the router is the gateway to "the internet" it will, presumably, have
a routable address on that side.

Your situation, on the other hand, seems to be that the machines on
both sides of the router are within your control, so if you can
specify the required routing for all those machines the router will
not need to do NAT.

> The basic topology on a 2-interface i386 NetBSD 3.1 is:
>
> 10/16 :rtk0 <--> sip0: w.x.y.124/30 && alias 192.168.1/24
>
> Currently I have:
>
> $ grep defaultroute rc.conf
> defaultroute="w.x.y.125"

But what are the routing tables on all your machines? That's what
really matters. If your machines aren't even sending packets to your
router it's not going to matter what your router thinks it should do
with them once it has them.

Cheers,

- Joel
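
The routing-table question raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it does a longest-prefix lookup on each host's routing table and reports whether packets in both directions are actually handed to the router. All addresses and tables are constructed for illustration (they are not the poster's configuration), and `ROUTER_ADDRS`, `next_hop` and `check_pair` are hypothetical names.

```python
import ipaddress

# Constructed addresses: the router's rtk0 address and its sip0 alias address.
ROUTER_ADDRS = {"10.0.0.1", "192.168.1.1"}

def next_hop(table, dst):
    """Longest-prefix match over (network, gateway) pairs.
    Returns the gateway, "link" for an on-link network, or None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), gw) for net, gw in table
               if dst in ipaddress.ip_network(net)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reaches_router(table, dst):
    """True if this host sends packets for dst to one of the router's addresses."""
    return next_hop(table, dst) in ROUTER_ADDRS

def check_pair(a_addr, a_table, b_addr, b_table):
    """A ping needs both the request and the reply to reach the router."""
    return {"a_to_b": reaches_router(a_table, b_addr),
            "b_to_a": reaches_router(b_table, a_addr)}

# Constructed host on 10/16: default route points at the router's rtk0 side.
HOST_10 = [("10.0.0.0/16", "link"), ("0.0.0.0/0", "10.0.0.1")]

# Constructed host on 192.168.1/24 whose default route points at some other
# gateway, so traffic for 10/16 never arrives at the router.
HOST_192_NO_ROUTE = [("192.168.1.0/24", "link"), ("0.0.0.0/0", "192.168.1.254")]

# Same host with a static route for 10/16 via the router's alias address.
HOST_192_ROUTED = HOST_192_NO_ROUTE + [("10.0.0.0/16", "192.168.1.1")]

if __name__ == "__main__":
    for name, table in (("no route", HOST_192_NO_ROUTE),
                        ("static route", HOST_192_ROUTED)):
        print(name, check_pair("10.0.5.20", HOST_10, "192.168.1.30", table))
```

When both directions resolve to the router, plain forwarding is enough and no address translation is involved; when one side resolves elsewhere, the router never sees those packets regardless of its own configuration.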