This is a discussion on Re: SNAT, DNAT - problem within the Linux Security forums, part of the System Security and Security Related category.

Renata Sieczka wrote:
> I connect (telnet) from the computer with OS Linux (its IP 172.16.13.1)
> to the machine 172.16.20.2 (in fact its real IP 192.168.10.1). Then I
> close the telnet session, I try to telnet a few following times with
> success.
>
> Then I connect/telnet from the computer with OS Windows (its IP
> 172.16.13.1) to 172.16.20.2. I can telnet only once. After disconnecting
> and trying to connect another time and I can not connect. The info I
> receive is:
> cannot establish connection on port 23. The connection failed.
>
> So, from OS-Linux it is OK, from Windows not.

Happy to hear that...

> The part of configuration of iptables included below:
>
> # change of IP of computer connecting
> iptables -t nat -A POSTROUTING -o eth1 -s 172.16.13.1/32 -j SNAT --to 192.168.1.1
>
> # on firewall subinterface 172.16.20.2 added - in fact trying
> # 172.16.20.2 is translated to 192.168.10.1
> iptables -t nat -A PREROUTING -i eth0 -d 172.16.20.2/32 -j DNAT --to 192.168.10.1
>
> Any suggestions?

First of all, "who is who" in this picture...? - You're NATting from one private IP space to another, why? - How? - Under what circumstances?

This question is not a "smart" one, since You do not give enough details to even guess what the problem may be. - Your router set-up seems to be ok, from what I can tell, since at least under Linux, everything works as expected.

Send more info, Jack.

--
My personal reading of the string "MicroSoft" expands to "NanoWeak"...

jack wrote:
> Renata Sieczka wrote:
>
>> I connect (telnet) from the computer with OS Linux (its IP
>> 172.16.13.1) to the machine 172.16.20.2 (in fact its real IP
>> 192.168.10.1). Then I close the telnet session, I try to telnet a few
>> following times with success.
>>
>> Then I connect/telnet from the computer with OS Windows (its IP
>> 172.16.13.1) to 172.16.20.2. I can telnet only once. After
>> disconnecting and trying to connect another time and I can not connect.
>> The info I receive is:
>> cannot establish connection on port 23. The connection failed.
>>
>> So, from OS-Linux it is OK, from Windows not.
>
> Happy to hear that...
>
>> The part of configuration of iptables included below:
>>
>> # change of IP of computer connecting
>> iptables -t nat -A POSTROUTING -o eth1 -s 172.16.13.1/32 -j SNAT --to 192.168.1.1
>>
>> # on firewall subinterface 172.16.20.2 added - in fact trying
>> # 172.16.20.2 is translated to 192.168.10.1
>> iptables -t nat -A PREROUTING -i eth0 -d 172.16.20.2/32 -j DNAT --to 192.168.10.1
>>
>> Any suggestions?
>
> First of all, "who is who" in this picture...? - You're NATting from
> one private IP space to another, why? - How? - Under what circumstances?
>
> This question is not a "smart" one, since You do not give enough details
> to even guess what the problem may be. - Your router set-up seems to be
> ok, from what I can tell, since at least under Linux, everything works
> as expected.
>
> Send more info, Jack.

The reason why I make 2 translations is that:

1) to the networks outside I have to connect as certain IP (let's say from the network 192.168.1.0)
2) I don't want users to know true IP address of the computer they connect to - that's why there is NAT of destination address.

Renata