http://www.iptables.org/documentation/HOWTO/netfilter-double-nat-HOWTO.html#toc6
I have a similar situation. One network via a VPN is on the 192.168.1.0/24 network and my locally wired network is on the 192.168.1.0/24 network as well. Let me try and draw a crude diagram of what is going on...

John and Rita's house...
|------------------------|
|     192.168.1.0/24     |
| |--------------------| |
| |   192.168.1.35     | |
| |--------------------| |
|------------------------|
            |
            |
  |-------------------|
  | Special Minnesota |
  |-------------------|
            |
            |
Physical-Boundary-Physical-Boundary-Physical-Boundary
            |
        /------\
        |  Net |
        \------/
            |
Physical-Boundary-Physical-Boundary-Physical-Boundary
            |
            |
In the Office...
|---------------------|      |-------------------|
|   192.168.0.0/24    |      | FVX 538 Scappoose |
| |-----------------| |      |                   |
| | Netgear 802.11G | |------| 192.168.0.1 !     |
| |                 | |      | 216.151.30.109    |
| | 192.168.0.? !   | |      |-------------------|
| |-----------------| |                |
|                     |                |
| |-----------------| |                |
| | Andrew computer | |                |
| |                 | |                |
| | 192.168.0.? !   | |                |
| |-----------------| |                |
|---------------------|                |
                                       |
Server room...                         |
|------------------|                   |
| Dodo             |                   |
| 192.168.0.? !    |-------------------/
| 192.168.4.1 $    |-----\
| 192.168.3.1 *    |     |
| 192.168.3.17 ^   |     |
|------------------|     |
                         |
|----------------------| |
|    192.168.1.0/24    | |
|                      | |
| |------------------| | |
| | Web              | | |
| | 192.168.1.1      | | |
| | 192.168.3.18 ^   | | |
| | 216.151.30.106   | | |
| |------------------| | |
|                      | |
| |------------------| | |            In Well house...
| | Goose            | | |            |------------------|
| | 192.168.1.2      | | |            | Condor           |
| | 192.168.4.2 $    |-|-/            |                  |
| | 192.168.4.18 %   |-|--------------| 192.168.4.17 %   |---->
| | 216.151.30.107   | |              | 192.168.4.33     |
| |------------------| |              |------------------|
|                      |
| |------------------| |
| | Xerxes           | |
| | 192.168.1.4      | |
| | 192.168.3.2 *    | |
| | 216.151.30.108   | |
| |------------------| |
|                      |
| |------------------| |
| | Bluejay          | |
| | 192.168.1.35     | |
| |------------------| |
|          .           |
|          .           |
|          .           |
|----------------------|

! These addresses are in the 192.168.0.0/24 network.
* These addresses are in the 192.168.3.0/28 network.
^ These addresses are in the 192.168.3.16/28 network.
$ These addresses are in the 192.168.4.0/28 network.
% These addresses are in the 192.168.4.16/28 network.

I show the links between goose, condor, and dodo for emphasis, but I don't go ahead and show all links for all networks. In a way, dodo and condor are part of goose as they get their root file system from goose.

BIG NOTE IS THAT GOOSE HAS 3 NAMES ;-)

Please note that dodo is on $ network, boots via goose (192.168.4.2) or gw2-s1.w2.robinson-west.pri.
Please note that condor is on % network, boots via goose (192.168.4.18) or gw2-s2.w2.robinson-west.pri.

=======================================================================

Can you see the problem from this diagram?

Question is, should I renumber to get Bluejay to stop conflicting with the server on the other network or should I go the double nat route?

I'm thinking of using 192.168.5.0/28 on Dodo, NAT box 1, and on the Minnesota side, NAT box 2 will need to use say 192.168.5.16/28. So I can map web to 192.168.5.2, goose to 192.168.5.3, and xerxes to 192.168.5.4. On the Minnesota side 192.168.5.18 can be mapped to 192.168.1.35.

I am not currently source nat'ing on Dodo (except for the route to goose) where I am concerned that it might screw things up. I want to route from Minnesota through either web or xerxes depending on which one I am using at the moment. So I source nat on dodo to either 192.168.3.17 or 192.168.3.1. Let's say that the source from Minnesota is 192.168.5.1. The source from Scappoose going to Minnesota will be say 192.168.5.17. I'll have to check to see if I will be SNATing on the Scappoose side from 3.x or 1.x.

The problem is, I have more routers involved than the double nat HOWTO has.

_______________________________________________
PLUG mailing list
PLUG@lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
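The double NAT mapping proposed in the post above, written out as netfilter rules. This is an added example, not the poster's configuration and not taken from the HOWTO; it assumes both NAT boxes run iptables, that each already routes the far side's mapped /28 over the VPN, and it uses only the addresses the post proposes (192.168.5.2/.3/.4 for web, goose and xerxes; 192.168.5.18 for the Minnesota host).

```shell
#!/bin/sh
# Added example, not from the post or the netfilter HOWTO: 1:1 double NAT
# rules for the plan above. Assumed: both NAT boxes run netfilter, and each
# already has a route over the VPN to the other side's mapped /28.
# DRY_RUN=1 (the default) prints the rules instead of applying them.

IPT="${IPT:-iptables}"

# Print or run one iptables command.
ipt() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# one_to_one REAL MAPPED PEER_RANGE
# Packets arriving for MAPPED are delivered to REAL; packets REAL sends to
# the far side's mapped range PEER_RANGE leave with source MAPPED.
# Conntrack translates the replies, so two rules cover both directions.
one_to_one() {
    ipt -t nat -A PREROUTING -d "$2" -j DNAT --to-destination "$1"
    ipt -t nat -A POSTROUTING -s "$1" -d "$3" -j SNAT --to-source "$2"
}

# NAT box 1 (Dodo, Scappoose side): local servers appear to Minnesota inside
# 192.168.5.0/28, and Minnesota is reached through 192.168.5.16/28.
scappoose_rules() {
    one_to_one 192.168.1.1 192.168.5.2 192.168.5.16/28   # web
    one_to_one 192.168.1.2 192.168.5.3 192.168.5.16/28   # goose
    one_to_one 192.168.1.4 192.168.5.4 192.168.5.16/28   # xerxes
}

# NAT box 2 (Minnesota side): the 192.168.1.35 host is reached from Scappoose
# as 192.168.5.18, so it no longer collides with Bluejay (192.168.1.35).
minnesota_rules() {
    one_to_one 192.168.1.35 192.168.5.18 192.168.5.0/28
}

# Usage: sh double-nat.sh scappoose | minnesota   (set DRY_RUN=0 to apply)
case "${1:-}" in
    scappoose) scappoose_rules ;;
    minnesota) minnesota_rules ;;
esac
```

Hosts on each side must address the far side by its mapped 192.168.5.x address (via DNS or a hosts entry), never by the clashing 192.168.1.x one; that is what makes the overlap disappear.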