MultiCom Technical Support
Supporting MultiCom Routers, Firewalls and VPN
 

LAN has NAT active but all incoming traffic looks wrong

 
Support



Posted: Fri Jun 13, 03 10:58 (GMT + 1 hour)

Normally you would not activate NAT on the LAN; leaving it active on the WAN is all that you need to do for Internet sharing.

By default, an interface that has NAT activated will masquerade all traffic that passes through it, making it seem that the interface generated the packet. For instance, a packet arriving from the Internet and passing through a LAN interface that has NAT activated will look like it came from the LAN interface, possibly causing problems for administrators trying to track external users by their IP address.

The 2 big reasons that you would use NAT on the LAN are:
  • LAN users can type the same domain name (www.mybusiness.com) that an Internet visitor would use and be redirected correctly
  • useful as an external gateway: because data seems to come from this interface on the same subnet as the other users, responses will be sent back to this IP address (LAN interface) instead of being sent to a default gateway.
Officially, we ask users who need to know the original IP address either to disable NAT on the LAN or to wait for version 3.5, which will have an integrated DNS server. However, we have come up with a temporary solution to use with 3.4.1: simply add 2 NAT rules to the NAT > INTERFACE > LAN > Output table.
  1. ANY protocol, Source=LAN subnet, MAP=masquerade
  2. ANY protocol, ANY source, ANY destination, MAP=nomap
This says to use the NAT redirection on the LAN only for traffic originating from the LAN, and not to use NAT for all other traffic (and so not change the source IP address of the packet).
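The effect of the two rules on what a LAN server logs, as an added example that is not part of the original post or MultiCom's own code. It models the LAN Output table in Python and assumes rules are evaluated in order with the first match winning; the subnet, interface address and packet sources are constructed.

```python
import ipaddress

# Constructed addresses (assumptions, not from the post).
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")
LAN_IF_ADDR = ipaddress.ip_address("192.168.1.1")  # the router's LAN interface
ANY = ipaddress.ip_network("0.0.0.0/0")

# Default behaviour described in the post: NAT on the LAN masquerades everything.
DEFAULT_TABLE = [(ANY, "masquerade")]
# The two rules from the post, in the order given.
WORKAROUND_TABLE = [(LAN_SUBNET, "masquerade"), (ANY, "nomap")]
# Same rules in the wrong order, to show why the order matters.
REVERSED_TABLE = [(ANY, "nomap"), (LAN_SUBNET, "masquerade")]


def source_after_output(table, src):
    """Source address a LAN host sees for a packet leaving the LAN interface.

    Assumes first-match evaluation of the Output table.
    """
    src = ipaddress.ip_address(src)
    for source_net, action in table:
        if src in source_net:
            # masquerade rewrites the source to the interface address;
            # nomap leaves the packet untouched.
            return str(LAN_IF_ADDR) if action == "masquerade" else str(src)
    return str(src)  # no rule matched: nothing is rewritten


def logged_sources(table, packets):
    """Map each original source to the address a LAN server would log."""
    return {src: source_after_output(table, src) for src in packets}


# Constructed sample traffic: two Internet visitors and one LAN user.
PACKETS = ["203.0.113.7", "198.51.100.20", "192.168.1.50"]

if __name__ == "__main__":
    tables = (("default", DEFAULT_TABLE),
              ("workaround", WORKAROUND_TABLE),
              ("reversed", REVERSED_TABLE))
    for name, table in tables:
        for original, seen in logged_sources(table, PACKETS).items():
            print(f"{name:10} {original:15} -> logged as {seen}")
```

With the workaround table, Internet visitors keep their real source address in the server's logs while LAN users are still masqueraded; with the rules reversed, the catch-all nomap rule matches first and LAN traffic is no longer masqueraded.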