>
> A---B---C
>
> A: your computer
>
> B: bmxd_rv804 client node }
>                           } running 2-way-tunnel
> C: bmxd_rv804 gw node     }
I am just curious, can you confirm if the following correctly
describes the HNA/SNAT of your setup:
for the two-way-tunnel setup:
- you were doing SNAT at C's upstream interface AND at B's bat0
interface
MASQUERADE
for the one-way tunnel setup:
- you are only doing SNAT at C's upstream interface
No, I still do MASQUERADE also on B's bat0, because I was too lazy to
comment it out ;-)
Interesting to know that this is possible, because (as I understand):
- Internet Uplink packets are MASQUERADEd (*) when being entunnelled at
B's bat0 interface and a second time at your upstream GW interface
 A         B                C
eth0  eth0  bat0       bat0  dsl0       Internet
---------->*===============>*--------->
           MASQUERADE       MASQUERADE
- Downlink packets are de-MASQUERADEd (*) at C's upstream interface
(dsl0). But using one-way-tunnel, the Downlink packets are NOT routed via
the bat-tunnel, therefore downlink packets will not come out of B's bat0
interface and (I thought) would not be de-MASQUERADEd (?) !
 A          B                C
eth0  eth0   wlan0     wlan0  dsl0       Internet
<----------<?---------------<*---------<
            de-MASQUERADE?   de-MASQUERADE
Caught my drift? Please correct me if I misunderstood!
Completely correct, the thing is, if I understand right, the good old
one-way-tunnel doesn't do anything with virtual IPs, but just uses
the real IPs so it doesn't matter.