Order Tray | Contact Us | Home | SIG Lists

[nos-bbs] Routers and NAT

Barry k2mf at ptd.net
Mon Mar 1 08:32:09 UTC 2010


On Sun, 28 Feb 2010 18:50:06 -0800 (PST), Kerry Smith
<n3nxo at yahoo.com> wrote:

> What i'm seeing in the Linksys is this...

Generally, Linksys routers work very well for passing IPIP
to the device on your LAN that is set as the target for
DMZ.  I used one for years here.  Your encapsulating gateway
must then reside *behind* the NAT router on your LAN.

> I Test a telnet connection into the Nos box.  On the ETH0
> trace, I see the packet come in from the external NON 44
> IP to the Internal box IP, such as -- source 24.24.24.24
> Dest 192.168.0.100.
> 
> I then see on the encap trace, the packet DE Encapsulated
> such as -- source 24.24.24.24 Dest 44.80.32.186.
> 
> The nos box responds to the 24.24.24.24 with a packet such 
> as -- source 44.80.32.186 Dest 24.24.24.24.
> 
> This ip does not get encapsulated since the destination is
> a NON 44 addy.  This is VERY Normal.
> 
> If I connect directly to the DSL Modem and hard code my static
> ip into the box, everything talks.  Works both ways and all.
> (this is without the linksys router).

You need to have a way to "policy route" your packets at the
encapsulator (gateway) by source IP address, and then tunnel
(encapsulate) them to a gateway somewhere outside your network
that is NOT source address filtered (SAFed).

To the best of my knowledge, there is no mechanism to do that
in JNOS.

-- 
73, de Barry, K2MF >>
k2mf at ptd.net

Einstein's definition of insanity:

"Doing the exact same thing over and over again,
expecting different results."




More information about the nos-bbs mailing list