LARTC - Apr 2004 - Real IP behind SNAT

Hi.

I was asked to put a real IP behind a linux router
is doing static NAT for an internal network.


    Internet (gateway)
            |
            |
            |
    eth0 = real IP
   -----------------
   L I N U X  ROUTER
   -----------------
   eth1 = private IP
            |
            |
            |
    eth0 = real IP   
   -----------------
 Wireless Access Point
   -----------------

I was  asked to put  a real  ip (not to  do static
NAT) in the Ethernet interface of the WAP. How can
I do it?

I''ve read  some manuals and  I guess I  should use
the  same  address  with a  different  netmask  in
WAP(eth0) and put a route in the Linux box and use
a  fake arp  entry in  the eth0  interface of  the
router.

I''d appreciate any hint you can give me.

Regards,
Nelson.-

-- 
http://geocities.com/arhuaco

The first principle is that you must not fool yourself
and you are the easiest person to fool.
     -- Richard Feynman.

On Tuesday, 27 April 2004, at 09:13:58 -0500,
Nelson E. Castillo wrote:
>     Internet (gateway)
>             |
>             |
>             |
>     eth0 = real IP
>    -----------------
>    L I N U X  ROUTER
>    -----------------
>    eth1 = private IP
>             |
>             |
>             |
>     eth0 = real IP   
>    -----------------
>  Wireless Access Point
>    -----------------
> 
> I was  asked to put  a real  ip (not to  do static
> NAT) in the Ethernet interface of the WAP. How can
> I do it?
> 
I suppose the real IP you have to assing to your WAP ethernet interface
is in the same range as the real IP address assigned to the external
interface of your Linux router. I think you can set up a proxy ARP entry
on this Linux router for the real IP to put on your WAP.

The external interface in the Linux router will reply to ARP requests
with its own MAC address, and will receive the incoming traffic. Then
you must have adequate routing entries to direct traffic going to the
"internal" real IP address through the internal (private) interface in
the Linux router, and hopefully it will arrive at the WAP.

The best way to avoid missing something in the process of configuring
everything is to take a paper and a pen, and draw the path of the IP
packets through your network. Do everything as the operating system
would do, and do what is needed to make packets arrive at the correct
place in your network.

Greetings.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.6.5)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hi,

You put in your internet (gw) eth0 an ip/30 (real ip) 
and in your ap wan with ip/30 (real ip) gw your 
internet gw eth0. got it? if you use iptables to do 
snat don''t forget to create a rule to not nat your ap 
real ip ;)

I hope that help you.

Good Luck,
Anderson

> Hi.
> 
> I was asked to put a real IP behind a linux router
> is doing static NAT for an internal network.
> 
> 
>     Internet (gateway)
>             |
>             |
>             |
>     eth0 = real IP
>    -----------------
>    L I N U X  ROUTER
>    -----------------
>    eth1 = private IP
>             |
>             |
>             |
>     eth0 = real IP   
>    -----------------
>  Wireless Access Point
>    -----------------
> 
> I was  asked to put  a real  ip (not to  do static
> NAT) in the Ethernet interface of the WAP. How can
> I do it?
> 
> I''ve read  some manuals and  I guess I  should use
> the  same  address  with a  different  netmask  in
> WAP(eth0) and put a route in the Linux box and use
> a  fake arp  entry in  the eth0  interface of  the
> router.
> 
> I''d appreciate any hint you can give me.
> 
> Regards,
> Nelson.-
> 
> -- 
> http://geocities.com/arhuaco
> 
> The first principle is that you must not fool yourself
> and you are the easiest person to fool.
>      -- Richard Feynman.
> 
> 
 
__________________________________________________________________________
Acabe com aquelas janelinhas que pulam na sua tela.
AntiPop-up UOL - É grátis!
http://antipopup.uol.com.br/

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> The best way to avoid missing something in the process of configuring
> everything is to take a paper and a pen, and draw the path of the IP
> packets through your network. Do everything as the operating system
> would do, and do what is needed to make packets arrive at the correct
> place in your network.

Thanks a lot.

I could use  Proxy ARP. It''s rather  easy and it''s
in  the HOWTO.  I  couldn''t have  done it  without
tcpdump... Your advice is  quite generic. It reads
: Learn  IP and learn  what the Linux  kernel does
with  your packages  :) And  I know  I need  to do
that.

Is there  a way to  trace the flow of  the packets
inside of  the kernel?  It would  be nice  to have
some  /proc  entry to  watch  that.  I don''t  know
whether it exists. I  mean, this packet came here,
and went there ... and so on.


-- 
http://geocities.com/arhuaco

The first principle is that you must not fool yourself
and you are the easiest person to fool.
     -- Richard Feynman.

Nelson E. Castillo wrote:
> Is there  a way to  trace the flow of  the packets
> inside of  the kernel?  It would  be nice  to have
> some  /proc  entry to  watch  that.  I don''t  know
> whether it exists. I  mean, this packet came here,
> and went there ... and so on.
umm
TRACE + RAW patch in iptables pom.