On Tuesday, 04 December 2007, Jan Hetges wrote:
On Sun, Dec 02, 2007 at 07:54:24PM +0100, Axel Neumann wrote:
> - Can you describe it in a way that I can reproduce it?
A: your computer
B: bmxd_rv804 client node }
C: bmxd_rv804 gw node }
I am just curious, can you confirm if the following correctly
describes the HNA/SNAT of your setup:
for the two-way-tunnel setup:
- you were doing SNAT at C's upstream interface AND at B's bat0
for the one-way tunnel setup:
- you are only doing SNAT at C's upstream interface
No, I still do MASQUERADE also on B's bat0, because I was too lazy to
comment it out ;-)
Interesting to know that this is possible, because (as I understand):
- Internet Uplink packets are MASQUERADEd (*) when being entunnelled at B's
bat0 interface and a second time at your upstream GW interface
A        B              C
eth0     eth0   bat0    bat0   dsl0     Internet
- Downlink packets are de-MASQUERADEd (*) at C's upstream interface (dsl0).
But using one-way-tunnel, the Downlink packets are NOT routed via the
bat-tunnel, therefore downlink packets will not come out of B's bat0
interface and (I thought) would not be de-MASQUERADEd (?)!
A        B              C
eth0     eth0   wlan0   wlan0  dsl0     Internet
Caught my draft? Please correct me if I misunderstood!
Completely correct, the thing is, if I understand right, the good old
one-way-tunnel doesn't do anything with virtual IPs, but just uses
the real IPs so it doesn't matter.