NAT not working

Forums Network Management ZeroShell NAT not working

  • This topic is empty.
Viewing 1 post (of 1 total)
  • Author
    Posts
  • September 24, 2013 at 9:38 am #43735
    sirioxx
    Member

    Zeroshell 1.0 b16.

    I have ETH00 (lan side).
    It belogns to more networks (192.168.6.1/24, 192.168.0.3/24).
    Nat is working fine for these two classes.
    I add a new ip: 192.168.205.1/30 to use ad gateway.
    Then I set 192.168.205.2 to a pc and 192.168.205.1 as gw.
    The pc is able to ping the gw but it fails pinging a public ip address.
    I tried then to set 192.168.6.88 to the pc (and 192.168.6.1 as gw) and it’s able to ping the public ip address.
    I’ve been looking then to zimbra tcpdump (WAN interface ET01).
    Ad you can see, the remote server answer to the private ip!


    
tcpdump -i ETH01 -f | grep 85.10.193.55
    
11:19:36.298657 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:19:36.317115 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:19:36.317163 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    
11:19:37.306796 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:19:37.325120 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:19:37.325189 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    
11:19:38.314444 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:19:38.332755 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:19:38.332800 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    
11:19:58.473963 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:19:58.492271 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:19:58.492329 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    
11:19:59.481807 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:19:59.500204 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:19:59.500251 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    
11:20:00.489639 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:20:00.508167 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:20:00.508231 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    
11:20:01.497715 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:20:01.515945 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:20:01.515997 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    
11:20:02.505627 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:20:02.523809 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:20:02.523852 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    
11:20:03.513607 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:20:03.532293 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:20:03.532364 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    
11:20:04.521598 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:20:04.539710 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    

    

    

    

    

    

    
11:22:19.628034 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:22:19.646417 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:22:20.629965 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:22:20.649469 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:22:21.631892 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:22:21.650293 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:22:22.633640 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:22:22.653533 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:22:23.635385 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:22:23.653616 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:22:24.636751 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:22:24.655360 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:22:25.638911 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:22:25.657238 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:22:26.640837 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:22:26.659243 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:22:27.642954 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:22:27.661120 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    
11:22:28.644539 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    
11:22:28.662650 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply

    Here are my running NAT rules

    iptables -t nat -L --numeric
    

    
Chain POSTROUTING (policy ACCEPT)
    
target     prot opt source               destination
    
SNATVS     all  --  0.0.0.0/0            0.0.0.0/0
    
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0
    
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0
    
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0
    
OpenVPN    all  --  0.0.0.0/0            0.0.0.0/0
    

    

    
Chain OpenVPN (1 references)
    
target     prot opt source               destination
    
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0           source IP range 192.168.250.1-192.168.250.2
    

    
Chain SNATVS (1 references)
    
target     prot opt source               destination

    What do you think?

  • Author
    Posts
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.