HPE Community
Operating System - Linux
1825667 Members
4663 Online
109686 Solutions
New Discussion

Re: IP Tables Question

 
Admin32
Advisor

‎01-10-2003 04:55 AM

‎01-10-2003 04:55 AM

IP Tables Question

Hi Everyone,

I've been trying to test a new setup which is slightly tricky and I wanted to find out if anyone knows if it will work, or has already tried it:

Network 1<--->Gateway<--->Network 2--NATrouter>---->Internet

Explaination:

We have a router which performs NAT overload (Dynamic Nat with port translation), this router connected network 2 to the internet, so all hosts in network 2 (including gateway) can access the internet.

The gateway server though is also connected to another network, thats Network 1.
By configuring the Gateway server to perform Dynamic Nat with Port translation, will hosts on network 1 be able to access the internet ?

Logically, I would say yes, but I am not 100% sure if a problem arises with the packets originating from network 1, since they will be nat'ed twice (once through gateway server, and once through the router).

Any ideas ?

Cheers,
0 Kudos
Reply
4 REPLIES 4
Jochen Heuer
Respected Contributor

‎01-10-2003 05:03 AM

‎01-10-2003 05:03 AM

Re: IP Tables Question

Hi,

although I have not tested it I don't think this should be a problem (famous last words) ...

Jochen
Well, yeah ... I suppose there's no point in getting greedy, is there?
0 Kudos
Reply
Kodjo Agbenu
Honored Contributor

‎01-12-2003 02:04 PM

‎01-12-2003 02:04 PM

Re: IP Tables Question

hi,

For me, it should work. Seen from the NATrouter, the gateway is considered as a normal host.

Good luck.

Kodjo
Learn and explain...
0 Kudos
Reply
Benny Chandra
Occasional Advisor

‎01-14-2003 08:04 PM

‎01-14-2003 08:04 PM

Re: IP Tables Question

For outgoing packet, I'm sure it will be OK. The NATrouter will see host in network 1 as Gateway.

But for the reply packet, I'm not so sure whether a simple NAT rule in Gateway or NATrouter will work, although I don't know the exact configuration.
0 Kudos
Reply
Trever Furnish
Regular Advisor

‎01-15-2003 05:49 AM

‎01-15-2003 05:49 AM

Re: IP Tables Question

Of course it will work.

For simplicity's sake, let's assume that by "Network 1" and "Network 2", you're refering to segments with only one subnet on each of them.

NATrouter:
- needs a route added to its routing table that says "Network 1" is on Gateway.

Gateway:
- needs a default route pointing to NATrouter.

Network 1 clients:
- default gateway is Gateway

Network 2 clients:
- default gateway is NATrouter

The packets going through Gateway should NOT be NAT'd by Gateway - why would you do that? It should just forward the packets on (ie route them), not translate them.

If for some reason (that I can't even imagine), you do want to do NAT for Network 1 on Gateway instead of doing it on NATrouter, you can do that but the clients on Network 2 will have no way of initiating contact with the clients on Network 1. The clients on Network 1 *will* be able to initiate contact with the clients on Network 2.

Since you control both subnets, technically you *could* make nat work on both boxes for both subnets, but again, why would you do that?

Only run NAT on your edge routers - never NAT internal traffic, it's just wasteful.
Hockey PUX?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.