[CUWiN] nat bogosity (was: circular route)
simon-cuw at uc.org
Fri Jan 20 14:28:06 CST 2006
ipnat.conf's manpage indicates that you can negate a subnet from the mapping.
If I do the following on Node A, it seems to get me a bit closer:

    map sip0 from 10.0.0.0/8 ! to 192.168.42.0/24 -> 192.168.42.22/32 portmap tcp/udp 10000:20000
    map sip0 from 10.0.0.0/8 ! to 192.168.42.0/24 -> 192.168.42.22/32

I'm just having trouble confirming that 100%, as I don't have access to any systems on
LAN-Z right now.

On Fri, 20 Jan 2006, David Young wrote:
> On Fri, Jan 20, 2006 at 01:08:08PM -0500, simon-cuw at uc.org wrote:
> > (Please excuse me if I say something ridiculous, I've only had experience with
> > simple NAT'ing so far)
> > I don't quite see how that mapping would help this scenario. If we look at the
> > existing NAT table on Node A, we see:
> > # ipnat -l
> > List of active MAP/Redirect filters:
> > 1: rdr sip0 192.168.0.1/32 port 80 -> 127.0.0.1 port 80 tcp
> > 2: map sip0 10.0.0.0/8 -> 192.168.42.22/32 portmap tcp/udp 10000:20000
> > 3: map sip0 10.0.0.0/8 -> 192.168.42.22/32
> > This allows all nodes connected to Node A to have internet access via Router A,
> > but prevents all clients on LAN A access to the mesh network.
> > If sip0's self-assigned subnet is 10.216.111.0/24, with IP 10.216.111.254,
> > alias 192.168.42.22, and default gw 192.168.42.1, your suggestion would become:
> > 4: map ath0 192.168.42/24 -> 10.216.111/24 portmap tcp/udp 10000:20000
> > 5: map ath0 192.168.42/24 -> 10.216.111/24
> > If I understand correctly, rules 2-3 would conflict with 4-5, right?
> I don't think so. Try it and let me know.
> > Putting that aside, with the existing cuwireless software, would the ideal
> > scenario be to add a 3rd node, Node N, handling DHCP for LAN A, and providing
> > internet connectivity for LAN A, Node A and beyond?
> > (internet)--sip0(Node N):sip1--<LAN A>
> >                   sip2
> >                    |
> >                    \-----(Node A)~~~(Node Z)--<LAN Z>
> Ideally, you will use no more than two nodes in this scenario. If Node
> A has two ethernets, you could use one as the "WAN port," and the other
> as the "LAN port."
> David Young OJC Technologies
> dyoung at ojctech.com Urbana, IL * (217) 278-3933
> CU-Wireless mailing list
> CU-Wireless at lists.cuwireless.net
> Project Page: http://cuwireless.ucimc.org
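
An added example, not part of the original message or the CUWiN software: a simplified Python model of first-match `map` rule selection, run over the two rule sets from this thread, to show which flows leaving sip0 are rewritten to 192.168.42.22. It parses only the rule shapes shown here; the function names and the sample packet addresses (10.216.111.5, 192.168.42.50, 203.0.113.10) are assumptions made for the illustration.

```python
import ipaddress
import re

# Rules 2-3 from the `ipnat -l` listing in the thread.
OLD_RULES = """\
map sip0 10.0.0.0/8 -> 192.168.42.22/32 portmap tcp/udp 10000:20000
map sip0 10.0.0.0/8 -> 192.168.42.22/32
"""
# Negated-destination form from the reply (portmap keyword as in rule 2).
NEW_RULES = """\
map sip0 from 10.0.0.0/8 ! to 192.168.42.0/24 -> 192.168.42.22/32 portmap tcp/udp 10000:20000
map sip0 from 10.0.0.0/8 ! to 192.168.42.0/24 -> 192.168.42.22/32
"""
RULE = re.compile(
    r"map\s+(?P<ifc>\S+)\s+(?:from\s+)?(?P<src>\S+)"
    r"(?:\s+(?P<neg>!)?\s*to\s+(?P<dst>\S+))?\s+->\s+(?P<nat>\S+)"
    r"(?:\s+portmap\s+(?P<protos>\S+)\s+\S+)?\s*$")

def parse(text):
    """Parse the subset of ipnat.conf `map` syntax used in this thread."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:
            rules.append({
                "ifc": m["ifc"], "neg": bool(m["neg"]),
                "src": ipaddress.ip_network(m["src"]),
                "dst": ipaddress.ip_network(m["dst"]) if m["dst"] else None,
                "nat": m["nat"].split("/")[0],
                "protos": set(m["protos"].split("/")) if m["protos"] else None,
            })
    return rules

def translate(rules, ifc, proto, src, dst):
    """Post-NAT source address of a packet leaving `ifc`; first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["ifc"] != ifc or s not in r["src"]:
            continue
        if r["protos"] and proto not in r["protos"]:
            continue  # portmap rule only covers the listed protocols
        if r["dst"] is not None and (d in r["dst"]) == r["neg"]:
            continue  # destination test failed ("!" inverts it)
        return r["nat"]
    return src  # no rule matched: source address is not rewritten

if __name__ == "__main__":
    for dst in ("192.168.42.50", "203.0.113.10"):  # constructed packets
        print(dst, translate(parse(NEW_RULES), "sip0", "tcp", "10.216.111.5", dst))
```

With the negated rules, packets to 192.168.42.0/24 keep their 10.x source address, so replies only come back if the LAN A hosts or their gateway have a route for 10.0.0.0/8 via 192.168.42.22.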