[Cerowrt-devel] double_nat_question
Fred Stratton
fredstratton at imap.cc
Wed Aug 28 04:55:27 EDT 2013
The cerowrt box should be after the ADSL gateway. Use the cerowrt firewall. Bridge the ADSL gateway, or, if the ISP prohibits that, create a DMZ with cerowrt as the item in it.
On 28 Aug 2013, at 09:44, Oliver Niesner <oliver.niesner at gmail.com> wrote:
>
>
> Hi all,
>
> I hope someone could help me, it seems that i doesn't get it or misinterpret
> something :-/
>
> I want to get rid of double NAT in my small network at home, but it seems it
> only works, if i use an extra iptables MASQUERADE rule on my pc which does all
> the firewalling dhcp etc..
>
> My setup: ^
> |internet
> |
> ------------------------- ------------------------
> | | | firewall pc |
> | dsl-router | |dhcp, small |
> |(NAT, no CEROwrt! |----------eth0--------|webserver etc. |
> |ip, static=192.168.0.199| 192.168.0.1 |---------------|--------
> |------------------------ |
> |
> eth1,
> 192.168.1.1
> |
> |
> --------------------------------|
> | WAN=192.168.1.86 |
> WLAN------------| CEROwrt |
> ---------------------------------
>
>
> This setup works fine, but only when i do MASQUERADE on eth0, on my firewall pc!
> I thought it must be possible, that only my dsl-router is doing the NAT and
> everything else is routed inside the private net!
> (the necessary routes are set, every machine could ping each other)
> What i'm missing?
>
> thx,
>
> Oliver
>
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
More information about the Cerowrt-devel
mailing list