Re: [SLUG] OT?? port/route/???


Alister Waller was once rumoured to have said:
> I have setup a nat entry for the port 9006 to be forwarded to the internal
> Linux machine on 192.168.X.X
> 
> If I am on the local LAN I can telnet to the 9006 port using the Linux PC's
> Local IP address. (i get garbage but it connects)
> If I am at Home I can telnet to the port using the external IP address of
> the modem/router. (static IP 202.7.X.X)
> 
> If I try and telnet to the port using the external IP address, while on the
> local LAN, it does not connect.

This is the infamous "NAT on a local subnet" problem.

Your packets are getting their destination rewritten so they go to the
linux box you're trying to connect to, but because the source address
is on the same subnet as the linux box, it's sending replies directly,
which aren't being subjected to the reverse translation.

Basically, the solution?  "Don't do that", or configure the linux box
with a network of 255.255.255.255, and point its default route at the
alcatel, so it always hands packets to the alcatel to forward.

Not trying to do things that way is a bit easier and a lot more
efficient.

If you were using linux 2.4 as your NAT router, you'd apply both a
SNAT and DNAT to the traffic in that circumstance, and that'd fix the
problem.

C.
-- 
--==============================================--
  Crossfire      | This email was brought to you
  xfire@xxxxxxxx | on 100% Recycled Electrons
--==============================================--
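The DNAT-plus-SNAT fix mentioned above, written out as iptables rules for a Linux router; this is an added example, not part of the original thread, and every address and interface name in it is a constructed placeholder (only port 9006 comes from the post). The SNAT rule is scoped to connections that conntrack has already DNATed, so ordinary LAN traffic to the server keeps its real source address.

```shell
#!/bin/sh
# Hairpin ("NAT on a local subnet") rules for a Linux iptables router.
# Added example, not from the original post. Addresses/interfaces are
# constructed placeholders; only PORT (9006) comes from the thread.
WAN_IP="203.0.113.10"        # router's public address (placeholder)
ROUTER_LAN_IP="192.168.1.1"  # router's address on the LAN (placeholder)
LAN_NET="192.168.1.0/24"     # internal subnet (placeholder)
SERVER="192.168.1.20"        # internal Linux box being forwarded to (placeholder)
PORT="9006"                  # forwarded port, from the original post

# Emit the rules rather than applying them, so the set can be reviewed
# (and tested) without root. Apply with:  hairpin_nat_rules | sh
hairpin_nat_rules() {
    # 1. DNAT: traffic for WAN_IP:PORT, from the Internet *or* the LAN, is
    #    redirected to the internal server. On its own this is exactly the
    #    setup that breaks for LAN clients: the server sees a source on its
    #    own subnet and replies directly, bypassing the reverse translation.
    printf 'iptables -t nat -A PREROUTING -d %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$WAN_IP" "$PORT" "$SERVER" "$PORT"
    # 2. SNAT: for LAN-sourced connections that conntrack has already DNATed
    #    (--ctstate DNAT), rewrite the source to the router's LAN address so
    #    the server's replies return through the router and get un-NATed.
    #    Side effect to remember in logs/detection: the server now records the
    #    router, not the real LAN client, as the peer for these connections.
    printf 'iptables -t nat -A POSTROUTING -s %s -d %s -p tcp --dport %s -m conntrack --ctstate DNAT -j SNAT --to-source %s\n' \
        "$LAN_NET" "$SERVER" "$PORT" "$ROUTER_LAN_IP"
}

# Number of rules produced; a quick sanity check that both halves are present.
hairpin_rule_count() {
    hairpin_nat_rules | wc -l | tr -d ' '
}
```

Forwarded traffic still needs to be permitted in the FORWARD chain, and the router must have IP forwarding enabled; this block only covers the nat table.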