[ale] SNAT issues
Chris Fowler
cfowler at outpostsentinel.com
Wed Oct 28 11:49:16 EDT 2009
I'm not even sure we'll ever use SNAT.
Here is how the system works:
Device running 2.4.24 is installed on network a. It is a
192.168.5.0/24.
Another device is installed on network b. It is also 192.168.5.0/24.
Both devices VPN into central server using a method that uses pppd. On
both devices masquerading is turned on where "eth0" is considered the
"public" interface.
We want to access 192.168.5.1 on site A and 192.168.5.1 on site b. I
can use host based routing and route back through the VPN to remote
device but I cannot add two routes for the same address. Now comes
DNAT.
On the device I use DNAT and assign the remote network a "virtual
network". Maybe 10.0.1.0/24 for net A and 10.0.2.0/24 for net b. Then
on the device I dnat 10.0.1.5 -> 192.168.5.1 and on net b I dnat
10.0.2.5 -> 192.168.5.1.
This solves the problem of remote networks I have no control over having
identical subnets and identical addresses for what I need to access.
I cannot think of a reason I would want to SNAT back from the remote
network to the central office. I never ever go there.
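
The mapping described in the post, as an added example that is not part of the original message: a script that prints (does not run) the per-device DNAT rule and the matching central-server route for each site. The interface names ppp0/ppp1 and the function names are assumptions; the addresses are the ones in the post.

```shell
#!/bin/sh
# Added example: emits commands for review; nothing is applied to the system.

is_ipv4() {
    # Accept only dotted quads whose four octets are 0-255.
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Rules for one remote device: virtual address -> real LAN address.
# $3 is the VPN interface on the device (assumed ppp0).
device_rules() {
    virt=$1 real=$2 vpn_if=${3:-ppp0}
    is_ipv4 "$virt" && is_ipv4 "$real" || { echo "bad address" >&2; return 1; }
    [ "$virt" != "$real" ] || { echo "virtual must differ from real" >&2; return 1; }
    # Traffic arriving over the VPN for the virtual address is rewritten
    # to the real host on the local 192.168.5.0/24.
    echo "iptables -t nat -A PREROUTING -i $vpn_if -d $virt -j DNAT --to-destination $real"
    # Masquerading on eth0 (already enabled per the post) makes the LAN host
    # answer to the device itself, so replies need no separate SNAT rule.
    echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE"
}

# Route on the central server: one virtual /24 per site, one tunnel per site.
central_route() {
    echo "ip route add $1 dev $2"
}

echo "# site A device";  device_rules 10.0.1.5 192.168.5.1
echo "# site B device";  device_rules 10.0.2.5 192.168.5.1
echo "# central server"; central_route 10.0.1.0/24 ppp0
central_route 10.0.2.0/24 ppp1
```

Both sites keep 192.168.5.1 as the real target; only the virtual address and the tunnel it is routed into differ, which is what lets the central server hold two distinct routes.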