Hi out there,
well folks, as I posted several weeks ago, I want to use NAT, real NAT - 1:1 :)
OK, in principle it works. But there is a special case which is not working: it is not possible to translate the sender AND the receiver in the SAME packet.
The ip commands used:
ip route add nat 192.168.10.10 via 12.34.56.10
ip rule add prio 320 from 12.34.56.10 nat 192.168.10.10
ip route add nat 192.168.10.11 via 12.34.56.11
ip rule add prio 320 from 12.34.56.11 nat 192.168.10.11
Sample:
If comp A (see the picture) wants to communicate with comp B, and this with a service like ICQ, then comp A asks the server for the address of comp B. This will be the external, the NATted address of comp B (the server only knows the external address). After this, comp A sends a request to comp B. But now comp B is verifying this address on the server. And the server says: 192.x.x.x? Don't know this address. And the communication is dead. *ARGH*
Why?
Alexey has written in his ip-ref:
The first routing table with a match will be taken. After a route was executed, the routing procedure is finished. The first rule (rule 0) points to the local routing table. The receiver NAT translation is always in this table (if you don't tell it anything else). If there is an address to translate, you've got a match and the routing procedure ends here, without checking more rules. So the next rule, which stands for translating the sender's address, will never be executed.
If you put the NAT route in the main table, behind the NAT rule, then nothing works.
Why?
Alexey also writes:
It is important that the address standing after the keyword nat is some NAT address, declared by ip route add nat. If it is just a random address the router will not map to it.
My understanding is that a nat rule will never be executed if no nat route was found in a routing table before the nat rule is executed.
Now the BIG question:
How can I tell the routing engine to do both at the same time, translating the sender AND the receiver address in the same packet?
Thanks for any answers,
Thomas
Attachment: routing.gif