Hi,
On Dienstag 04 Dezember 2007, Jan Hetges wrote:
Hi Axel
On Sun, Dec 02, 2007 at 07:54:24PM +0100, Axel Neumann wrote:
...
- Can you describe it in way that i can reproduce it ?
A---B---C
A: your computer
B: bmxd_rv804 client node } }running 2-way-tunnel C: bmxd_rv804 gw node }
I am just curious, can you confirm if the following correctly describes the HNA/SNAT of your setup:
for the two-way-tunnel setup:
- you were doing SNAT at Cs' upstream interface AND at Bs' bat0
interface
MASQUERADE
for the one-way tunnel setup:
- you are only doing SNAT at Cs' upstream interface
no, i still do MASQUERADE also on Bs' bat0, because i was too lazy to comment it out ;-)
Interesting to know that this is possible, because (as I understand):
- Internet Uplink packets are MASQUERADEd (*) when being entunnelled at Bs' bat0 interface and a second time at your upstream GW interface
A B C eth0 eth0 bat0 bat0 dsl0 Internet
---------->*===============>*--------->
MASQUERADE MASQUERADE
- Downlink packets are de-MASQUERADED (*) at Cs' upstream interface (dsl0). But using one-way-tunnel, the Downlink packets are NOT routed via the bat-tunnel, therefore downlick packets will not come out of Bs' bat0 interface and (I thought) would not be de-MASQERADEd (?) !
A B C eth0 eth0 wlan0 wlan0 dsl0 Internet <----------<?---------------<*---------< de-MASQUERDE? de-MASQUERADE
catched my draft ? Please correct me if I misunderstood!
ciao /axel
- and additionally an HNA announcement by B for the address used by A
yes, but also with 2-way-tunnel (because i want net internal routing)
cheers
--Jan