[nos-bbs] Routers and NAT

Barry k2mf at ptd.net
Mon Mar 1 08:32:09 UTC 2010

On Sun, 28 Feb 2010 18:50:06 -0800 (PST), Kerry Smith
<n3nxo at yahoo.com> wrote:

> What I'm seeing in the Linksys is this...

Generally, Linksys routers work very well for passing IPIP
to the device on your LAN that is set as the target for
DMZ.  I used one for years here.  Your encapsulating gateway
must then reside *behind* the NAT router on your LAN.

> I test a telnet connection into the Nos box.  On the ETH0
> trace, I see the packet come in from the external NON 44
> IP to the Internal box IP, such as -- source
> Dest
> I then see on the encap trace, the packet de-encapsulated
> such as -- source Dest
> The nos box responds to the with a packet such 
> as -- source Dest
> This ip does not get encapsulated since the destination is
> a NON 44 addy.  This is VERY Normal.
> If I connect directly to the DSL Modem and hard code my static
> ip into the box, everything talks.  Works both ways and all.
> (this is without the linksys router).

You need to have a way to "policy route" your packets at the
encapsulator (gateway) by source IP address, and then tunnel
(encapsulate) them to a gateway somewhere outside your network
that is NOT source address filtered (SAFed).

To the best of my knowledge, there is no mechanism to do that
in JNOS.

73, de Barry, K2MF >>
k2mf at ptd.net

Einstein's definition of insanity:

"Doing the exact same thing over and over again,
expecting different results."
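
The policy routing by source address described in the message above, sketched as an added example for a Linux encapsulating gateway using iproute2; it is not part of the original post and not JNOS configuration. Every address, the interface name and the table number are constructed placeholders, and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: route by SOURCE address so that replies sent from the
# 44-net address leave through an IPIP tunnel even when the destination
# is a non-44 host (the case that stays unencapsulated in the quoted trace).
# All values below are constructed placeholders, not taken from the post.

SRC_44="44.128.0.10/32"    # constructed: this station's 44-net address
AMPR_NET="44.0.0.0/8"      # assumption: 44-net peers keep the normal encap routes
LOCAL_IP="192.168.1.10"    # constructed: gateway's LAN address behind the NAT router
REMOTE_GW="198.51.100.7"   # constructed: outside gateway that is not SAFed
TUN_IF="tun44"             # hypothetical interface name
TABLE="44"                 # hypothetical routing table number

# Emit the iproute2 commands, one per line, in the order they must run.
policy_route_cmds() {
    cat <<EOF
ip tunnel add $TUN_IF mode ipip local $LOCAL_IP remote $REMOTE_GW
ip link set $TUN_IF up
ip route add default dev $TUN_IF table $TABLE
ip rule add from $SRC_44 to $AMPR_NET lookup main priority 100
ip rule add from $SRC_44 lookup $TABLE priority 200
EOF
}

# Print the commands (default) or run them as root when APPLY=1.
apply_or_print() {
    policy_route_cmds | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd
        else
            printf '%s\n' "$cmd"
        fi
    done
}

apply_or_print
```

The priority 100 rule is matched first, so traffic between 44-net hosts still follows the main table; only packets sourced from the 44 address to other destinations fall through to the tunnel default in the separate table.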

