tlug.jp Mailing List Archive
Re: [tlug] IP Masquerading
- Date: Sun, 18 Aug 2002 18:56:28 +0900
- From: Jonathan Q <jq@example.com>
- Subject: Re: [tlug] IP Masquerading
- References: <1029659957.5799.20.camel@example.com>
- User-agent: Mutt/1.4i

On Sun, Aug 18, 2002 at 05:39:12PM +0900, Ryan Shaw wrote:
>I am trying to set up a server on my OCN ADSL
>connection. I can successfully connect to
>port 80 of my server if I connect my server
>directly to my ADSL router and configure IP
>masquerading on the router, but when I try
>to put my Corega hub in between the router
>and my server (so other machines in my house
>can use the ADSL), port 80 is closed to the
>outside, even though I have enabled IP
>masquerading on the hub...

Umm, hubs don't do IP masquerading. They don't do anything at all
except connect devices together. A hub is a completely dumb device that
takes in packets on port A and broadcasts them out every other port it has.
The machine whose MAC address is in the packets will then pick them up
(along with any machine with its NIC in promiscuous mode). This is
why you can sniff packets on a network with a hub in it. You can't
sniff a switched network b/c it sends packets only out the port they
are destined for.

Hubs and (normal) switches do not understand anything above layer 2.
TCP and UDP ports, along with IP addresses and NAT, happen on layer 3.

>But this doesn't (nmap -p 80 from remote machine
>shows port 80 closed, and I cannot browse via lynx):
>
>               [ Internet ]
>                    |
>                    |
>                Dynamic IP
>[ ADSL Router: IP masq. port 80 -> 192.168.0.2:80 ]
>               192.168.0.1
>                    |
>                    |
>               192.168.0.2
>[ Corega Hub: IP masq. port 80 -> 192.168.1.11:80 ]
>               192.168.1.1
>                    |
>                    |
>               192.168.1.11
>            [ Apache Server ]

OK, you're trying to double-NAT. I suggest not doing that until you
have a more basic setup working. Even then, as B0ti mentioned, it's
probably overkill. Set up this Corega device to function as a simple
switch and try this again. Once that is working, then go back and try
to set up the double-NAT again if you really want to do that.

One thing to watch out for is that you say in your diagram above:

>[ Corega Hub: IP masq. port 80 -> 192.168.1.11:80 ]

but this is probably not enough. What you probably need to do is
port forwarding like this:

192.168.0.2:80 -> 192.168.1.11:80

Now, if you are paranoid enough to use double-NAT and you want to
add yet another step of paranoia, have your web server listen on
an alternate port above 1024 and do this:

192.168.0.2:80 -> 192.168.1.1:8080

(that port picked just as an example).

>I have IP filtering turned off on the hub. The Corega
>configuration app (web-based) calls its IP masquerading
>functionality "Virtual Server Setting";

A web interface and IP masquerading? This definitely is not a hub.
It sounds like a layer three switch, or maybe even a router, but I
didn't know Corega even made such things. It's definitely not a hub,
anyway. Got a model number and URL for this thing's docs?

"Virtual Server Setting" would be a pretty stupid name for NAT, but
maybe somebody in marketing thought it sounded cool :-p

HTH,

J

-- 
GPG key: DF12B4EF (5399 C834 3ABB C3AF 610C 5345 D5D6 E6EA DF12 B4EF)
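
The forwarding chain in the diagram above, modelled as an added example that is not part of the original message: a connection from outside reaches the web server only if every NAT device on the path has a forward for the port it receives and the final host listens on the port it is handed. The names `NatBox`, `Host`, `trace` and `build` are hypothetical, the failure cases are constructed, and the alternate-port case assumes the forward targets the server at 192.168.1.11.

```python
from dataclasses import dataclass, field

@dataclass
class NatBox:
    name: str
    forwards: dict = field(default_factory=dict)  # outside port -> (inside ip, port)

@dataclass
class Host:
    name: str
    listening: set

def trace(first, port, nodes, max_hops=8):
    """Follow a connection arriving at `first` on `port`; return (reached, path)."""
    path, node = [], first
    for _ in range(max_hops):
        if isinstance(node, Host):
            ok = port in node.listening
            path.append(f"{node.name}: port {port} {'open' if ok else 'closed'}")
            return ok, path
        if port not in node.forwards:
            # No rule on this device: from outside the port simply looks closed.
            path.append(f"{node.name}: no forward for port {port}")
            return False, path
        ip, port_in = node.forwards[port]
        path.append(f"{node.name}: {port} -> {ip}:{port_in}")
        if ip not in nodes:
            path.append(f"nothing answers at {ip}")
            return False, path
        node, port = nodes[ip], port_in
    return False, path + ["hop limit reached"]

def build(corega_forwards, apache_ports):
    """Topology from the diagram; nodes are keyed by the address the upstream device sees."""
    corega = NatBox("Corega", corega_forwards)
    router = NatBox("ADSL router", {80: ("192.168.0.2", 80)})
    nodes = {"192.168.0.2": corega, "192.168.1.11": Host("Apache", apache_ports)}
    return router, nodes

def scenarios():
    cases = {
        "both forwards": build({80: ("192.168.1.11", 80)}, {80}),
        "no rule on Corega": build({}, {80}),  # constructed failure case
        "alternate port": build({80: ("192.168.1.11", 8080)}, {8080}),
    }
    return {name: trace(router, 80, nodes) for name, (router, nodes) in cases.items()}

if __name__ == "__main__":
    for name, (reached, path) in scenarios().items():
        print(f"{name}: {'reachable' if reached else 'unreachable'}")
        for step in path:
            print("   ", step)
```

The printed path shows which device drops the connection, which is the same question a remote `nmap -p 80` result of "closed" leaves open.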