NetBSD-Users archive


Re: ipnat problem with two LAN networks



On Tue, 24 Jan 2012 16:14:22 +0100
Rhialto <rhialto%falu.nl@localhost> wrote:

> > Now I have the problem that I can ping 10.0.0.2 from 192.168.0.3,
> > but no TCP connection is possible. tcpdump shows a connection to
> > 10.0.0.2 but the reply is coming from 192.168.0.2, which I think is
> > normal, because of the NAT. But nothing happens.
> 
> It looks to me like you're using the NAT in the wrong direction here.
> You can connect from 10.0.0.2 to 192.168.0.3, but not the other way
> around.

The direction is intended. I must NAT-map all 10.0.0.0 hosts into a
192.168.0.0 address, to be able to access the WAN over 192.168.0.1.
The WAN-router won't accept connections from the 10-net.

But the connection between 10.0.0.0 and 192.168.0.3 must also work.


> > My precise question is:
> > Is there any way to exclude connections between the 10.0.0.0 and the
> > 192.168.0.3 network from NAT? I think this would solve the problem.
> > Only accesses from 10.0.0.0 to an address beyond the 192.168.0.0
> > network should be NAT translated.
> 
> Maybe you can use some "fast" rules before the "map" rules in the hope
> that they get processed first... but I wouldn't count on it.

But which? My problem is that I cannot even think of a rule which can
help me in this case. There is no "exclude" rule.


> Maybe you can do a NAT in 192.168.0.1, mapping only 10.0.0.0/24
> addresses..

That could be a solution. Unfortunately I have no root access on 192.168.0.1.


-- 
Frank Wille

