On Tue, Dec 04, 2007 at 10:05:46AM +0100, Axel Neumann wrote:
Hi,
On Tuesday 04 December 2007, Jan Hetges wrote:
Hi Axel
On Sun, Dec 02, 2007 at 07:54:24PM +0100, Axel Neumann wrote:
...
- Can you describe it in a way that I can reproduce it?
A---B---C
A: your computer
B: bmxd_rv804 client node }
                          } running 2-way-tunnel
C: bmxd_rv804 gw node     }
I am just curious, can you confirm if the following correctly describes the HNA/SNAT of your setup:
for the two-way-tunnel setup:
- you were doing SNAT at Cs' upstream interface AND at Bs' bat0
interface
MASQUERADE
for the one-way tunnel setup:
- you are only doing SNAT at Cs' upstream interface
No, I still do MASQUERADE also on Bs' bat0, because I was too lazy to comment it out ;-)
Interesting to know that this is possible, because (as I understand):
- Internet Uplink packets are MASQUERADEd (*) when being entunnelled at Bs'
bat0 interface and a second time at your upstream GW interface
A          B                C
eth0  eth0 bat0        bat0 dsl0  Internet
---------->*===============>*--------->
       MASQUERADE       MASQUERADE
- Downlink packets are de-MASQUERADED (*) at Cs' upstream interface (dsl0).
But using one-way-tunnel, the Downlink packets are NOT routed via the bat-tunnel, therefore downlink packets will not come out of Bs' bat0 interface and (I thought) would not be de-MASQUERADEd (?) !
A          B                C
eth0  eth0 wlan0      wlan0 dsl0  Internet
<----------<?---------------<*---------<
     de-MASQUERADE?    de-MASQUERADE
Caught my drift? Please correct me if I misunderstood!
Completely correct, the thing is, if I understand right, the good old one-way-tunnel doesn't do anything with virtual IPs, but just uses the real IPs so it doesn't matter.
cheers
--Jan