RE: double NAT

From: o1o (o1o@oh2600.org)
Date: 07/24/01


From: "o1o" <o1o@oh2600.org>
To: "'The Psychotic Viper'" <psyv@root.org.za>, "'Kirk Brady'" <kbrady22@iprimus.com.au>
Subject: RE: double NAT
Date: Mon, 23 Jul 2001 18:13:25 -0400
Message-ID: <000201c113c4$b1d727f0$0501a8c0@cleusr01>

Um, as far as I see the question, it should work (actually, it does)

For example:
        box1: EXT-IF: 1.2.3.4
              INT-IF: 192.168.1.1
              /sbin/ipchains -A forward -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j MASQ
              route add default gw 1.1.1.1
        box2: EXT-IF: 192.168.1.2
              INT-IF: 10.1.3.4
              /sbin/ipchains -A forward -s 10.1.0.0/16 -d ! 10.1.0.0/16 -j MASQ
              route add default gw 192.168.1.1
        box3: EXT-IF: 10.1.4.5
              route add default gw 10.1.3.4

Box 1 is your primary connection to the internet (external interface of
1.2.3.4 with gateway of 1.1.1.1, fill in the blanks for your ISP).
Box 2 is another box running MASQ forwarding all traffic from 10.1.0.0
to 192.168.1.0.
Box 3 is just a machine on the 10.1.0.0 network with gateway of 10.1.3.4
(box2)

I think that answers your question

----o1o

-----Original Message-----
From: The Psychotic Viper [mailto:psyv@root.org.za]
Sent: Sunday, July 22, 2001 8:43 PM
To: Kirk Brady
Cc: security basics
Subject: Re: double NAT

Hi,

On Fri, 20 Jul 2001, Kirk Brady wrote:

> this may be a stupid q to some but I was just wondering that if you
> have a router connected to the net that performs NAT, and then a
> firewall connected to the router that performs NAT as well, do all
> user requests that are sent then get double NAT'd or does this setup
> not work? once again I'm sorry if this seems stupid to some, but it's
> been bugging me for a while and I haven't found anything that tells me.

nope...the operating system allows for one gateway to be set up (least as
far as I have seen on the w/station and server OS's I have worked on) so
the request is dealt with by the gateway it's set to use.

And as I recall the term "double NAT'ing" is often used to indicate two
separate feeds to a NAT'ing gateway that operates as one via BGP. Again
it's from personal experience and I could be taught otherwise. Willing to
learn, especially if my perception is wrong. :)

> thanks,
>
> kirk brady

PsyV
(And no double NAT'ing isn't a for real technical term I think)
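
Added example, not part of the original thread: a small Python model of the two MASQ hops in the box1/box2/box3 layout above, tracing one connection out and its reply back. The destination 203.0.113.80, the port numbers and the names MasqBox and trace are constructed for illustration.

```python
import ipaddress

class MasqBox:
    """One hop applying: ipchains -A forward -s NET -d ! NET -j MASQ"""
    def __init__(self, ext_ip, inside_net, first_port=61000):
        self.ext_ip = ext_ip
        self.net = ipaddress.ip_network(inside_net)
        self.next_port = first_port   # arbitrary start of the masq port pool
        self.out = {}                 # original 4-tuple -> masq port
        self.back = {}                # masq port -> original (src_ip, src_port)

    def _inside(self, addr):
        return ipaddress.ip_address(addr) in self.net

    def forward(self, pkt):
        src, sport, dst, dport = pkt
        if not self._inside(src) or self._inside(dst):
            return pkt                # rule does not match: no rewrite
        if pkt not in self.out:
            self.out[pkt] = self.next_port
            self.back[self.next_port] = (src, sport)
            self.next_port += 1
        return (self.ext_ip, self.out[pkt], dst, dport)

    def reply(self, pkt):
        src, sport, dst, dport = pkt
        if dst == self.ext_ip and dport in self.back:
            return (src, sport) + self.back[dport]   # restore inside address
        return pkt

def trace(src="10.1.4.5", sport=40000, dst="203.0.113.80", dport=80):
    """Follow one packet box3 -> box2 -> box1 -> server and the reply back."""
    box2 = MasqBox("192.168.1.2", "10.1.0.0/16")
    box1 = MasqBox("1.2.3.4", "192.168.1.0/24")
    p0 = (src, sport, dst, dport)      # as sent by box3
    p1 = box2.forward(p0)              # first NAT: source becomes 192.168.1.2
    p2 = box1.forward(p1)              # second NAT: source becomes 1.2.3.4
    r2 = (dst, dport, p2[0], p2[1])    # server answers the address it saw
    r1 = box1.reply(r2)                # box1 undoes its rewrite
    r0 = box2.reply(r1)                # box2 undoes its rewrite
    return [p0, p1, p2, r2, r1, r0]

if __name__ == "__main__":
    for step in trace():
        print("%s:%d -> %s:%d" % step)
```

Past box2 the 10.1.0.0/16 source no longer appears in the packet, so box1's logs show only 192.168.1.2; attributing a connection to box3 needs box2's table as well.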


