NAT not working

Home Page Forums Network Management ZeroShell NAT not working

This topic contains 1 reply, has 0 voices, and was last updated by  sirioxx 5 years, 2 months ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #43735

    sirioxx
    Member

    Zeroshell 1.0 b16.

    I have ETH00 (lan side).
    It belogns to more networks (192.168.6.1/24, 192.168.0.3/24).
    Nat is working fine for these two classes.
    I add a new ip: 192.168.205.1/30 to use ad gateway.
    Then I set 192.168.205.2 to a pc and 192.168.205.1 as gw.
    The pc is able to ping the gw but it fails pinging a public ip address.
    I tried then to set 192.168.6.88 to the pc (and 192.168.6.1 as gw) and it’s able to ping the public ip address.
    I’ve been looking then to zimbra tcpdump (WAN interface ET01).
    Ad you can see, the remote server answer to the private ip!


    tcpdump -i ETH01 -f | grep 85.10.193.55
    11:19:36.298657 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:19:36.317115 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:19:36.317163 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    11:19:37.306796 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:19:37.325120 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:19:37.325189 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    11:19:38.314444 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:19:38.332755 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:19:38.332800 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    11:19:58.473963 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:19:58.492271 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:19:58.492329 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    11:19:59.481807 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:19:59.500204 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:19:59.500251 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    11:20:00.489639 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:20:00.508167 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:20:00.508231 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    11:20:01.497715 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:20:01.515945 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:20:01.515997 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    11:20:02.505627 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:20:02.523809 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:20:02.523852 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    11:20:03.513607 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:20:03.532293 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:20:03.532364 static.85-10-193-55.clients.your-server.de > 192.168.205.2: icmp: echo reply
    11:20:04.521598 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:20:04.539710 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply






    11:22:19.628034 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:22:19.646417 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:22:20.629965 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:22:20.649469 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:22:21.631892 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:22:21.650293 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:22:22.633640 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:22:22.653533 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:22:23.635385 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:22:23.653616 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:22:24.636751 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:22:24.655360 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:22:25.638911 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:22:25.657238 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:22:26.640837 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:22:26.659243 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:22:27.642954 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:22:27.661120 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply
    11:22:28.644539 smtp.avalonisland.it > static.85-10-193-55.clients.your-server.de: icmp: echo request (DF)
    11:22:28.662650 static.85-10-193-55.clients.your-server.de > smtp.avalonisland.it: icmp: echo reply

    Here are my running NAT rules

    iptables -t nat -L --numeric

    Chain POSTROUTING (policy ACCEPT)
    target prot opt source destination
    SNATVS all -- 0.0.0.0/0 0.0.0.0/0
    MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
    MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
    MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0
    OpenVPN all -- 0.0.0.0/0 0.0.0.0/0


    Chain OpenVPN (1 references)
    target prot opt source destination
    MASQUERADE all -- 0.0.0.0/0 0.0.0.0/0 source IP range 192.168.250.1-192.168.250.2

    Chain SNATVS (1 references)
    target prot opt source destination

    What do you think?

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.