[SOLVED] Re: Ubuntu Server with 2 NICs, help with routing

Roland Hill roland.lists at hillnet.co.nz
Mon Mar 24 08:29:33 UTC 2014


On Mon, 24 Mar 2014 or thereabouts, Karl Auer came forth with:

> On Mon, 2014-03-24 at 19:46 +1300, Roland Hill wrote:
> > If I add the following iptable rules it [works]:
> > # iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
> > # iptables --append FORWARD --in-interface p3p3 -j ACCEPT
> 
> Hm! That's a variant of "there's a routing problem". And yes, it makes
> sense (I think).
> 
> The first line is NAPT-ing all addresses 192.168.0.0/24 to 10.0.0.2. The
> router is probably only NAPT-ing 10.0.0.0/16, because that's the network
> on its inside interface. I'm guessing that the router is not smart
> enough to do NAPT on multiple address ranges. Look into that; you might
> be able to avoid double-NAPT-ing. Which is what you have now - the
> server is NAPT-ing outbound packets with source address 192.168.1.0/24,
> then the router NAPTs everything with source address 10.0.0.0/16.
> 
> See if you can configure the router to do NAPT for multiple source
> address ranges. If you can, then you can get rid of the
> double-NAPT-ing. If you can't, invest in something like a MikroTik
> RB951G, switch the Vodafone-supplied router into bridge mode and go
> wild, because MikroTiks can do *anything* :-)
> 
> You're in New Zealand, right? These guys are good:
> http://www.gowifi.co.nz or this Oz company will ship to you:
> http://www.duxtel.com.au.
> 
> Not quite sure why the second line would be needed unless you have a
> default policy of "don't forward".

Hi Karl,

Thanks for running through this. Success was measured by me in this case by
the mere fact I got the internet up, not by the method I did it :-)

I didn't add the iptable rules from a position of knowledge, and yes
double NAT'ing wasn't my first choice.

Armed with your great thoughts above I can now look at fine tuning my
setup. It isn't immediately apparent to me that the Vodafone modem/router
can NAT on multiple source address ranges, nor work in bridge mode, so I
may need to look at some different kit.

Thanks again....you got me heading in the right direction.

-- 
Regards,

Roland

PGP Key 0xDA39319B = BCF0 1214 BAE9 5A3D 46FC 21A6 360D 9398 DA39 319B
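
A check for the two conditions raised in the quoted reply above (a default "don't forward" policy, and NAPT on the outbound interface), added here as an example and not part of the original messages. It parses `iptables-save` output; the function name `audit_nat`, the sample dump and its DROP policy are assumptions, while eth0 and p3p3 are the interfaces named in the thread.

```shell
#!/bin/sh
# Added example: audit `iptables-save` output for the conditions raised in the thread.
# SAMPLE_DUMP is constructed (DROP policy assumed); eth0/p3p3 are the thread's interfaces.
SAMPLE_DUMP='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i p3p3 -j ACCEPT
COMMIT'

# audit_nat DUMP WAN_IF LAN_IF: print the FORWARD policy, then one finding per line.
# Only rules appended directly to FORWARD / POSTROUTING are inspected, not jumped-to chains.
audit_nat() {
    printf '%s\n' "$1" | awk -v wan="$2" -v lan="$3" '
        # True when option string s appears as whole words in the rule line.
        function has(line, s) { return index(" " line " ", " " s " ") > 0 }
        /^\*/ { table = substr($0, 2); next }
        table == "filter" && $1 == ":FORWARD" { policy = $2 }
        table == "filter" && $1 == "-A" && $2 == "FORWARD" && $0 ~ /-j ACCEPT/ {
            if (has($0, "-i " lan)) lan_out = 1
            if ($0 ~ /ESTABLISHED|RELATED/) replies = 1
        }
        table == "nat" && $2 == "POSTROUTING" && $0 ~ /-j MASQUERADE/ && has($0, "-o " wan) {
            masq = 1
            if (!has($0, "-s")) unscoped = 1   # no source match: NAPTs everything leaving wan
        }
        END {
            print "forward_policy=" (policy == "" ? "unknown" : policy)
            if (!masq) print "missing: no MASQUERADE rule on " wan
            if (unscoped) print "broad: MASQUERADE on " wan " has no -s source match"
            if (policy == "DROP" && !lan_out) print "blocked: nothing accepts forwarding from " lan
            if (policy == "DROP" && !replies) print "check: no ESTABLISHED,RELATED accept for replies"
        }'
}

audit_nat "$SAMPLE_DUMP" eth0 p3p3
```

On a live host, pass the output of `iptables-save` as the first argument in place of the sample.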