NetBSD-Users archive


Re: ipnat problem with two LAN networks



On Tue 24 Jan 2012 at 13:55:58 +0100, Frank Wille wrote:
>                               |
> Network 192.168.0.0/24        |
> ------------------------[192.168.0.1]---[192.168.0.2]---[192.168.0.3]--------
>                                                |
>                                               NAT
> Network 10.0.0.0/24                            |
> ------------------------------------------[10.0.0.1]------[10.0.0.2]---------
> 

> Now I have the problem that I can ping 10.0.0.2 from 192.168.0.3, but
> no TCP connection is possible. tcpdump shows a connection to 10.0.0.2
> but the reply is coming from 192.168.0.2, which I think is normal,
> because of the NAT. But nothing happens.

It looks to me like you're using the NAT in the wrong direction here.
You can connect from 10.0.0.2 to 192.168.0.3, but not the other way
around.

> My precise question is:
> Is there any way to exclude connections between the 10.0.0.0 and the
> 192.168.0.3 network from NAT? I think this would solve the problem. Only
> accesses from 10.0.0.0 to an address beyond the 192.168.0.0 network
> should be NAT translated.

Maybe you can use some "fast" rules before the "map" rules in the hope
that they get processed first... but I wouldn't count on it.

Maybe you can do a NAT in 192.168.0.1, mapping only 10.0.0.0/24
addresses.

> Frank Wille
-Olaf.
-- 
___ Olaf 'Rhialto' Seibert  -- There's no point being grown-up if you 
\X/ rhialto/at/xs4all.nl    -- can't be childish sometimes. -The 4th Doctor

