From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-bk0-x22e.google.com (mail-bk0-x22e.google.com [IPv6:2a00:1450:4008:c01::22e]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 90EAA21F17F for ; Tue, 27 Aug 2013 01:05:16 -0700 (PDT) Received: by mail-bk0-f46.google.com with SMTP id 6so1476068bkj.33 for ; Tue, 27 Aug 2013 01:05:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; bh=SUIfaILOP0Vf0uAVho9bohHDcVP5CTHBwE5mN/W3sCA=; b=ANriaGXGbw6s73/JUtyklrcgDZSr/sziJCgbUfVlvZfJckyHiZSo3tMzy8HOLd8TQ6 PZ0Wl8pa7V4B62BWKdIRAjc2N0m1rCVHdRaY1RSMsSmbA8zTazdYwLtqbTBMZZN/0623 fZIKWwwkGLp5B8IovsVaXfXbGLcvxhw1RlOiudv1QlhJ/AywgJEmtIQJnkxNiQpIglYb Fep7PLu4D90E62R2+/i5qs890DtgDuEWyLSTN1vtnO53DGtT2z8G00ouX9aclNab5AEF VlvLj32OJX954LfJsHK0JrBavXKB/UyzEsyt9ZejHzjyXaG+5y6R6XPQim0rW58wJgxf LUtA== X-Received: by 10.205.9.198 with SMTP id ox6mr13365045bkb.19.1377590714045; Tue, 27 Aug 2013 01:05:14 -0700 (PDT) Received: from [172.30.42.67] (p5B3B52F9.dip0.t-ipconnect.de. [91.59.82.249]) by mx.google.com with ESMTPSA id no2sm3875294bkb.15.1969.12.31.16.00.00 (version=TLSv1 cipher=RC4-SHA bits=128/128); Tue, 27 Aug 2013 01:05:13 -0700 (PDT) Message-ID: <521C5DB8.1060804@googlemail.com> Date: Tue, 27 Aug 2013 10:05:12 +0200 From: Oliver Niesner User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130807 Thunderbird/17.0.8 MIME-Version: 1.0 To: cerowrt-devel@lists.bufferbloat.net X-Enigmail-Version: 1.5.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: [Cerowrt-devel] double_NAT_question X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 Aug 2013 08:05:17 -0000 Hi all, I hope someone could help me, it seems that i doesn't get it or misinterpret something :-/ I want to get rid of double NAT in my small network at home, but it seems it only works, if i use an extra iptables MASQUERADE rule on my pc which does all the firewalling dhcp etc.. My setup: ^ |internet | ------------------------- ------------------------ | | | firewall pc | | dsl-router | |dhcp, small | |(NAT, no CEROwrt! |----------eth0--------|webserver etc. | |ip, static=192.168.0.199| 192.168.0.1 |---------------|-------- |------------------------ | | eth1, 192.168.1.1 | | --------------------------------| | WAN=192.168.1.86 | | CEROwrt | --------------------------------- This setup works fine, but only when i do MASQUERADE on eth0, on my firewall pc! I thought it must be possible, that only my dsl-router is doing the NAT and everything else is routed inside the private net! What I'am missing? thx, Oliver