I have a VPN unit (address 10.0.1.2) that only replies to predefined IP addresses, and therefore it is not possible to connect to it if I have a dynamic IP address from my ISP. To avoid this problem, I placed a Linux router (with a static IP address) in front of the unit which should receive the connections from the internet (and DNAT the destination to 10.0.1.2), so that the router could change the source address of the packets heading to 10.0.1.2 into addresses predefined in the unit (predefined addresses: 10.0.1.5-10.0.1.10).

What happens now is that the unit listens on port 2059, and the source port of incoming packets is 30xx (x=random). When the unit replies, it sends from 31xx to port 2059 at the destination IP (which it thinks is 10.0.1.5 or something). Iptables does not seem to understand that this packet is meant for the same machine that sent the first message, and it stops in the router, saying something like:

icmp: udp port 2059 closed.

The following nat entries were set:

iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 10.0.1.2
iptables -t nat -A POSTROUTING -o eth1 -j SAME --to 10.0.1.5-10.0.1.9

Is there a way of letting the unit connect to the PC which sent the original packet?

I'll be happy to provide any additional information needed.

Thanks in advance

Regards, Frank T.
PS!
I have tested the connections using a static internet address, and the connections are successful. The rules were:

iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 10.0.1.2
iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to 10.0.1.5
iptables -t nat -A PREROUTING -i eth1 -j DNAT --to 155.xxx.xxx.248
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 155.xxx.xxx.247
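Added example (my own model, not code from Frank's post or from netfilter) of why the reply never gets un-NATed: conntrack only reverse-translates a UDP packet whose addresses and ports exactly reverse the NATed first packet, so a reply sent from a fresh 31xx source port to port 2059 matches no stored tuple and is treated as a new flow with no mapping back to the client. The router's public address and the client address are assumed placeholders; everything else follows the post.

```python
from dataclasses import dataclass

# Constructed model of the netfilter conntrack lookup that decides whether a
# UDP packet belongs to an already NATed flow (hypothetical helper, not the
# kernel's code). Addresses and ports follow the post; the router's public
# address and the client address are placeholders.
ROUTER_PUBLIC_IP = "203.0.113.1"   # assumed: the router's static address
CLIENT_IP = "198.51.100.7"         # assumed: a dynamic client address
UNIT_IP = "10.0.1.2"
SNAT_IP = "10.0.1.5"
UNIT_PORT = 2059


@dataclass(frozen=True)
class UdpTuple:
    src: str
    sport: int
    dst: str
    dport: int

    def reverse(self) -> "UdpTuple":
        return UdpTuple(self.dst, self.dport, self.src, self.sport)


def nat_entry(first_packet: UdpTuple) -> dict:
    """Apply 'DNAT --to 10.0.1.2' then 'SNAT --to 10.0.1.5' to the first packet
    of a flow and record the exact tuple conntrack will accept as its reply."""
    translated = UdpTuple(SNAT_IP, first_packet.sport, UNIT_IP, first_packet.dport)
    return {"original": first_packet, "reply": translated.reverse()}


def classify(entry: dict, packet: UdpTuple) -> str:
    """'reply' if the packet hits the stored reply tuple (and is un-NATed back to
    the client); 'new' if no tuple matches, so no reverse translation happens."""
    if packet == entry["reply"]:
        return "reply"
    if packet == entry["original"]:
        return "original"
    return "new"


# The client sends from an ephemeral 30xx port to the router's port 2059.
ENTRY = nat_entry(UdpTuple(CLIENT_IP, 3042, ROUTER_PUBLIC_IP, UNIT_PORT))

# A reply the router would recognise: the unit answers from 2059 to the client's port.
EXPECTED_REPLY = UdpTuple(UNIT_IP, UNIT_PORT, SNAT_IP, 3042)

# What the post describes: the unit answers from a fresh 31xx port to port 2059.
ACTUAL_REPLY = UdpTuple(UNIT_IP, 3142, SNAT_IP, UNIT_PORT)
```

Because the second packet classifies as a new flow, the DNAT/SNAT mapping is never applied in reverse, which is consistent with the router itself answering with an ICMP port-unreachable for UDP port 2059.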