From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <521DB883.20106@gmail.com>
Date: Wed, 28 Aug 2013 10:44:51 +0200
From: Oliver Niesner
To: cerowrt-devel@lists.bufferbloat.net
Subject: [Cerowrt-devel] double_nat_question
List-Id: Development issues regarding the cerowrt test router project

Hi all,

I hope someone could help me, it seems that I don't get it or misinterpret something :-/

I want to get rid of double NAT in my small network at home, but it seems it only works if I use an extra iptables MASQUERADE rule on my pc, which does all the firewalling, dhcp etc.

My setup:

            ^
            | internet
            |
----------------------------                      -------------------------
|                          |                      | firewall pc           |
| dsl-router               |                      | dhcp, small           |
| (NAT, no CEROwrt!        |----------eth0--------| webserver etc.        |
| ip, static=192.168.0.199 |     192.168.0.1      |---------------|--------
----------------------------                                      |
                                                                  | eth1, 192.168.1.1
                                                                  |
                                  --------------------------------|
                                  | WAN=192.168.1.86              |
                  WLAN------------| CEROwrt                       |
                                  ---------------------------------

This setup works fine, but only when I do MASQUERADE on eth0, on my firewall pc! I thought it must be possible that only my dsl-router is doing the NAT and everything else is routed inside the private net! (The necessary routes are set, every machine could ping each other.)

What am I missing?

thx,
Oliver