[CUWiN-Dev] ipnat question + patch
Bill Comisky
bcomisky at pobox.com
Fri Apr 22 11:42:44 CDT 2005
On Wed, 20 Apr 2005, Bill Comisky wrote:
> On Wed, 20 Apr 2005, David Young wrote:
>
>> On Wed, Apr 20, 2005 at 05:07:35PM -0500, Bill Comisky wrote:
>> >
>> > The CUWiN gateway in our testbed (currently rev 3014) is mapping
>> > 10.0.0.0/8 to the address received via DHCP from the LAN in the
>> > /etc/ipnat.conf file. Like:
>> >
>> > map sip0 10.0.0.0/8 -> 192.168.2.104/32 portmap tcp/udp 10000:20000
>> > map sip0 10.0.0.0/8 -> 192.168.2.104/32
>> >
>> > Should this be "169.254.0.0/16 -> ..." now? We recently cannibalized our
>> > HSLS testbed, and in putting it back together I found I couldn't ping from
>> > a standalone node through the CUWiN gateway to our local LAN or internet.
>>
>> I suspect the ping requests are going out with an address in 169.254/16.
>> Is that right? You probably need my patch for source-address selection
>> (attached).
>
> Yes, that's exactly what was happening. I applied the patch and rebuilt, and
> it seems to be working now with the original ipnat.conf file. Thanks for the
> patch and the info on the link-local addresses.
>
> bill
One more question... ipnat effectively hides the 10.x.x.x address space from
the network the gateway is plugged into, right? I tried making a route to
10.0.0.0/8 on my LAN to check and couldn't ssh into a CUWiN node using
its 10. address (timed out). However, it works if I do the same thing
with the link-local 169.254. address (not NAT'd). I wasn't sure if there
was a design goal of hiding the CUWiN private addresses from the network
the gateway is plugged into, or if that is up to whatever other
routing/firewalling is going on in front of the gateway.
bill
--
Bill Comisky
bcomisky at pobox.com
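
The rule matching discussed in this thread, as an added example that is not part of the original messages or of CUWiN/IPFilter code: it parses the two `map` lines quoted above and shows that a 10.0.0.0/8 source is rewritten while a 169.254/16 source leaves `sip0` untranslated. It is a simplified model (assumption: the first rule matching interface, source network and protocol wins), and `parse_rules`, `translate` and the sample addresses are constructed for illustration.

```python
import ipaddress
import re

# The two rules quoted in the thread.
IPNAT_CONF = """\
map sip0 10.0.0.0/8 -> 192.168.2.104/32 portmap tcp/udp 10000:20000
map sip0 10.0.0.0/8 -> 192.168.2.104/32
"""

# Matches only the "map IF SRC -> DST [portmap PROTOS RANGE]" form shown above.
RULE_RE = re.compile(
    r"^map\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"(?:\s+portmap\s+(?P<protos>\S+)\s+(?P<ports>\S+))?\s*$"
)

def parse_rules(text):
    """Parse the simple 'map' form used in the thread; other forms raise."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append({
            "ifname": m["ifname"],
            "src": ipaddress.ip_network(m["src"]),
            "dst": ipaddress.ip_network(m["dst"]),
            # None means the rule is not restricted to particular protocols.
            "protos": set(m["protos"].split("/")) if m["protos"] else None,
        })
    return rules

def translate(rules, ifname, src, proto):
    """Return the post-NAT source address, or src unchanged if no rule matches."""
    addr = ipaddress.ip_address(src)
    for r in rules:
        if r["ifname"] != ifname or addr not in r["src"]:
            continue
        if r["protos"] is not None and proto not in r["protos"]:
            continue
        return str(r["dst"].network_address)
    return src

RULES = parse_rules(IPNAT_CONF)
if __name__ == "__main__":
    for src in ("10.1.2.3", "169.254.7.9"):  # constructed sample addresses
        print(src, "->", translate(RULES, "sip0", src, "icmp"))
```
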