Double NAT?

Home Page Forums Network Management ZeroShell Double NAT?

  • This topic is empty.
Viewing 13 posts - 1 through 13 (of 13 total)
  • Author
    Posts
  • March 7, 2009 at 3:39 pm #41520
    netsysadmin
    Member

    Hi,

    I have the following setup:
    Internet<

    >ADSL modem/router<
    >ZeroShell<
    >LAN

    The ADSL modem/router already does NAT.
    Is it possible for ZeroShell to forward outgoing packets to the Internet via the ADSL modem/router without doing NAT on them, ie, only do routing/forwarding?

    Thank you

    March 9, 2009 at 8:03 am #47709
    ppalias
    Member

    Go to
    Network -> Router -> NAT
    Remove the interface that connects to the modem-router from the NAT Enabled Interface list.

    March 9, 2009 at 11:06 am #47710
    netsysadmin
    Member

    It does not work. As soon as I re-add the interface to the list of “NAT Enabled Interfaces”, it works again!

    March 11, 2009 at 5:25 am #47711
    netsysadmin
    Member

    Any one can help?

    Thanks

    March 11, 2009 at 6:42 am #47712
    bbozo
    Member

    1. check if ZS and adsl router are in the same subnet (they should be).
    2. ZS Should have adsl routers IP as a Default Gateway (PCs in lan should have ZS as their GTW)
    3. DNS forwarders in ZS should be set to adsl router
    4. disable NAT in ZS

    I can’t be certain this is a solution. This is in general.
    you sholud post more info on your configuration.

    March 11, 2009 at 7:16 am #47713
    netsysadmin
    Member

    Thanks for replying.

    LAN computers use 10.0.0.0/16 subnet and have 10.0.0.3 as their gateway.
    ZeroShell LAN interface IP address: 10.0.0.3/16
    ZeroShell WAN interface IP address: 10.1.0.1/16
    ZeroShell gateway: 10.1.0.3
    ADSL modem/router LAN interface IP address: 10.1.0.3

    March 11, 2009 at 9:07 am #47714
    bbozo
    Member

    then considering everythig a alredy said you should add in your adsl router a static route to your lan subnet and set next hop (gtw) as 10.1.0.1/16 (your ZS)

    as i can see you have a big network since you use class B subnet (16).
    Consider the ability of your adsl router and hardware you run ZS on because it can slow down your network. If you network is not that big (more than 250 clients) you should use C class subnet (24).

    hope this helps

    March 11, 2009 at 1:37 pm #47715
    ppalias
    Member

    @netsysadmin wrote:

    It does not work. As soon as I re-add the interface to the list of “NAT Enabled Interfaces”, it works again!

    For what reason you re-add it? You need to remove it from the NAT Enabled Interfaces list.

    March 11, 2009 at 7:33 pm #47716
    yuti
    Member

    I think ZS in Bridge mode may help you.

    March 12, 2009 at 6:11 am #47717
    netsysadmin
    Member

    OK. It’s working. I think adding the static route was the solution.

    However, I am unable to ping the LAN interface (10.1.0.3) of the ADSL modem/router from a PC on the LAN!
    I can ping the WAN interface of the ZeroShell firewall (10.1.0.1).

    But I can access the internet without any problem!

    March 12, 2009 at 10:29 am #47718
    ppalias
    Member

    Does the modem have a static route for the 10.0.0.0/16 subnet? If not, it cannot communicate with your LAN clients and you need to install a static route on the modem for 10.0.0.0/16 via 10.1.0.1

    March 19, 2009 at 6:05 am #47719
    netsysadmin
    Member

    Yes, it does. But, I’m still unable to ping it!

    March 23, 2009 at 7:53 am #47720
    ppalias
    Member

    If routing is ok, then you need to check any firewall that might be blocking your traffic.

  • Author
    Posts
Viewing 13 posts - 1 through 13 (of 13 total)
  • You must be logged in to reply to this topic.