On Sun, Apr 8, 2012 at 19:31, /dev/rob0 <rob0@xxxxxxxxx> wrote:
> On Sun, Apr 08, 2012 at 06:42:51PM -0700, Aaron Clausen wrote:
>> Hence the need of reflection/loop back/whatever-you-call-it.
>
> And I gave you two links to tell you how to do that.

Okay, I've written rules in the form specified by the links you
provided. I have run up against another issue, one probably specific
to my situation.

To support the old subnet address range (192.168.1.0/24) as well as
the new range (10.0.0.0/23) I have created two IP addresses for my
internal interface; the primary being 10.0.0.1 and the old subnet
address being 192.168.1.254. ifconfig shows it this way:

eth1      Link encap:Ethernet HWaddr 00:1f:f2:04:d5:8f
          inet addr:10.0.0.1 Bcast:10.0.1.255 Mask:255.255.254.0
          inet6 addr: fe80::21f:f2ff:fe04:d58f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:202969887 errors:0 dropped:144568 overruns:0 frame:0
          TX packets:205166492 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1293204194 (1.2 GiB) TX bytes:1956912187 (1.8 GiB)
          Interrupt:18 Base address:0xde00

eth1:1    Link encap:Ethernet HWaddr 00:1f:f2:04:d5:8f
          inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          Interrupt:18 Base address:0xde00

What I've noticed with the rules from the links is that I can, from
the 10.0.0.0/23 subnet, access any port forwarded back to an internal
server providing the server is on the 192.168.1.254 subnet, but no
host sitting on the new subnet gets the loopbacked port forwarding.
They are all sitting on the same physical segment, it's just two
different address spaces.

Any explanation?
--
Aaron Clausen
mightymartianca@xxxxxxxxx