From: Fred Stratton
Date: Wed, 28 Aug 2013 09:55:27 +0100
To: "cerowrt-devel@lists.bufferbloat.net"
In-Reply-To: <521DB883.20106@gmail.com>
Subject: Re: [Cerowrt-devel] double_nat_question
List-Id: Development issues regarding the cerowrt test router project

The cerowrt box should be after the ADSL gateway. Use the cerowrt firewall. Bridge the ADSL gateway, or, if the ISP prohibits that, create a DMZ with cerowrt as the item in it.

On 28 Aug 2013, at 09:44, Oliver Niesner wrote:

> Hi all,
>
> I hope someone could help me, it seems that I don't get it or misinterpret
> something :-/
>
> I want to get rid of double NAT in my small network at home, but it seems it
> only works if I use an extra iptables MASQUERADE rule on my pc, which does all
> the firewalling, dhcp etc.
>
> My setup:   ^
>             |internet
>             |
> --------------------------                      -------------------------
> |                        |                      | firewall pc           |
> |    dsl-router          |                      |dhcp, small            |
> |(NAT, no CEROwrt!       |----------eth0--------|webserver etc.         |
> |ip, static=192.168.0.199|     192.168.0.1      |---------------|--------
> |------------------------|                                      |
>                                                                 |
>                                                               eth1,
>                                                            192.168.1.1
>                                                                 |
>                                                                 |
>                                 --------------------------------|
>                                 | WAN=192.168.1.86              |
>                 WLAN------------|           CEROwrt             |
>                                 ---------------------------------
>
> This setup works fine, but only when I do MASQUERADE on eth0, on my firewall pc!
> I thought it must be possible that only my dsl-router is doing the NAT and
> everything else is routed inside the private net!
> (the necessary routes are set, every machine could ping each other)
> What am I missing?
>
> thx,
>
> Oliver