Thread: NAT connectivity question

  1. #1

    NAT connectivity question

    Hi,

    I'm trying to use NAT to set up remote control of a computer at work.

    The computer itself is behind a company firewall, and it might change IP address between each packet.

    If I'm setting up a normal router (i.e. non-firewall, an Airport Express), I can NAT port 443 to port 82 on my home computer 192.168.1.10. The connection is properly established by the work computer, and I can remote control properly.

    Now, I'm trying to do the same with the wl-hdd with Oleg's latest firmware.

    I've set up a virtual server, the same way, but I only get the first packet. The next ones are lost. I don't know if this behaviour is caused by a bad setting, or because the work firewall can use 4 IPs to connect to the internet, and it might change between each connection.

    What I do not understand is why it is working with a simple NAT device, and not with iptables.

    I've tried setting the firewall off, just to see. No better result.

    Also, I've been trying some other conference program, using video and sound, and I have the same trouble setting it up, while my other NAT router works.

    On the other side, eMule is perfectly NATing on the wl-hdd.

    Here is my iptables output:

    Code:
    [admin@wl-hdd root]$ iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN tcpmss match 1453:65535TCPMSS set 1452
    ACCEPT     tcp  --  anywhere             192.168.1.5        tcp dpt:4662
    ACCEPT     tcp  --  anywhere             192.168.1.10       tcp dpt:82
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain MACS (0 references)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere           state INVALID
    ACCEPT     all  --  anywhere             anywhere
    TCPMSS     tcp  --  anywhere             anywhere           tcp flags:SYN,RST/SYN tcpmss match 1453:65535TCPMSS set 1452
    
    Chain logaccept (0 references)
    target     prot opt source               destination
    LOG        all  --  anywhere             anywhere           state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
    ACCEPT     all  --  anywhere             anywhere
    
    Chain logdrop (0 references)
    target     prot opt source               destination
    LOG        all  --  anywhere             anywhere           state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP'
    DROP       all  --  anywhere             anywhere
    
    [admin@wl-hdd root]$ iptables -t nat -nL
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination
    DNAT       tcp  --  0.0.0.0/0            84.99.8.117        tcp dpt:4662 to:192.168.1.5:4662
    DNAT       tcp  --  0.0.0.0/0            84.99.8.117        tcp dpt:443 to:192.168.1.10:82
    
    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0
    MASQUERADE  all  --  192.168.1.0/24       192.168.1.0/24
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    I don't see any trouble here: incoming port 443 is redirected to 192.168.1.10:82

    Any idea? Has somebody had the same trouble? Should I change MASQUERADE to SNAT?

  2. #2
    Can NETMAP be a solution? I cannot find any logical reason for it not to work. On the wl-hdd, there are only two modes: home gateway and AP. Maybe this is the culprit?

    Also, I've checked that the source always has the same address.

  3. #3
    Ok, let's rephrase the question: How can I set up a NAT connection initiated from the outside? Does the MASQUERADE way disallow this?

  4. #4
    Quote Originally Posted by hugo
    Ok, let's rephrase the question: How can I set up a NAT connection initiated from the outside? Does the MASQUERADE way disallow this?
    Once again:
    Is the computer you want to control behind the NAT?
    If so, you may want to arrange a tunnel from there to some computer in "Realland" (I mean not NATed, with a real IP address), and from that computer reach the computer to control through the tunnel. I do that with an ASUS box as the computer to control, using dropbear.
    If this is the case, let me know and I'll post details of my setup here.
    HTH
    Roofcat

  5. #5
    Here is my setup

    Work computer ---- Company Firewall (open port 80 and 443 for access to internet) --- Internet ---[ppp0 address] WL-HDD (with any NAT configuration needed)[192.168.1.1] ---- [192.168.1.10]

    On the work computer, a remote control program host is running, and tries to reach my ppp0 address defined by dyndns on port 443.

    It should be NATed to my home computer 192.168.1.10 on port 443 or 82 (I can choose any port to receive the connection).

    When my home computer receives the request, the connection is established and I can control the work PC.

    I cannot define rules on the company firewall (I don't want to).

    I can only use NAT to redirect this connection on port 443 to my PC.

    Of course, I can use SSH, and create a tunnel. But this would mean keeping the connection permanent, and would use resources on the wl-hdd. It cannot be a viable solution for 10 work PCs in 10 different companies.

    As I said in my first post, the NAT setup from a simple gateway (my Airport Express) is working. The problem is how to do that with iptables. From my reading, the masquerade setup is not working for connections initiated from the outside.

    I'm sure the wl-500g can offer other modes, but the custom firmware on the wl-hdd only offers the full firewalled home gateway profile to connect to the internet using pppoe.

    Anybody has a setup for a web server NATed inside its network?
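    The mechanism the thread keeps circling (the nat table is consulted only for the first packet of a connection, conntrack carries the mapping for the rest, and the reply is reversed from that same entry, so MASQUERADE versus SNAT does not enter into an inbound forward) can be walked through with a small Python model. This is an added illustration by the editor, not code from the thread, from Oleg's firmware or from Netfilter itself. It reuses the thread's own addresses and ports (84.99.8.117, 192.168.1.10:82, port 443, the DNAT rule from the `iptables -t nat -nL` listing in post #1); the work-side addresses 203.0.113.1 and 203.0.113.2, the source ports 40000/40001 and the re-addressed ppp0 address 84.99.8.118 are constructed. Two things the model makes visible that the listing alone does not: a source address that changes mid-connection is a new connection to conntrack and gets a fresh NAT decision, and the DNAT rule as printed is bound to one fixed public address, so after a PPP re-dial that hands out a different address the rule simply stops matching until it is regenerated.

```python
"""Toy model of stateful NAT as iptables does it (added illustration, not router code).

Three behaviours the thread turns on:
  * the nat table is consulted only for the first packet of a connection;
    later packets of the same connection reuse the conntrack entry,
  * a reply from the LAN host is un-NATed from that entry, so an inbound
    DNAT needs neither SNAT nor MASQUERADE for its return traffic,
  * the DNAT rule is bound to one public address, and conntrack keys on the
    full tuple, so a changed ppp0 address or a changed source address means
    a fresh (or failed) NAT decision.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class DnatRule:
    """One PREROUTING rule: -d match_dst -p tcp --dport match_dport -j DNAT --to to_ip:to_port."""
    match_dst: str
    match_dport: int
    to_ip: str
    to_port: int


class NatRouter:
    def __init__(self, rules):
        self.rules = list(rules)
        # conntrack: original (src, sport, dst, dport) -> (translated dst, translated dport)
        self.conntrack = {}

    def prerouting(self, p):
        """Inbound packet from the WAN. Returns the packet as it leaves toward the LAN."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key in self.conntrack:
            # ESTABLISHED: mapping comes from conntrack, the nat table is not walked again
            to_ip, to_port = self.conntrack[key]
            return replace(p, dst=to_ip, dport=to_port)
        # NEW: walk the nat PREROUTING chain once and record the outcome
        for r in self.rules:
            if p.dst == r.match_dst and p.dport == r.match_dport:
                self.conntrack[key] = (r.to_ip, r.to_port)
                return replace(p, dst=r.to_ip, dport=r.to_port)
        return p  # no rule matched: packet is for the router itself, not forwarded

    def reply(self, p):
        """Packet from the LAN host back to the WAN peer. Source is restored from conntrack."""
        for (src, sport, dst, dport), (to_ip, to_port) in self.conntrack.items():
            if (p.src, p.sport, p.dst, p.dport) == (to_ip, to_port, src, sport):
                return replace(p, src=dst, sport=dport)
        return p  # no entry: would be handled by the POSTROUTING MASQUERADE instead


def demo():
    """Walk the thread's scenario through the model and return the observations."""
    router = NatRouter([DnatRule("84.99.8.117", 443, "192.168.1.10", 82)])
    work = "203.0.113.1"  # constructed address for the company firewall
    first = router.prerouting(Packet(work, 40000, "84.99.8.117", 443))
    second = router.prerouting(Packet(work, 40000, "84.99.8.117", 443))
    entries_after_established = len(router.conntrack)
    back = router.reply(Packet("192.168.1.10", 82, work, 40000))
    # company firewall emits the same flow from a second public address mid-connection
    moved = router.prerouting(Packet("203.0.113.2", 40000, "84.99.8.117", 443))
    entries_after_move = len(router.conntrack)
    # ppp0 was re-addressed (constructed address); the DNAT rule still names the old one
    readdressed = router.prerouting(Packet(work, 40001, "84.99.8.118", 443))
    return {
        "first": first, "second": second, "back": back,
        "moved": moved, "readdressed": readdressed,
        "entries_after_established": entries_after_established,
        "entries_after_move": entries_after_move,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

    Running the script prints the five packets after translation: the first two inbound packets both land on 192.168.1.10:82 with a single conntrack entry, the reply leaves with source 84.99.8.117:443 although no SNAT rule exists, the packet from the second company address creates a second entry, and the packet to the new ppp0 address passes through untranslated because the DNAT rule still names the old one.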
