Nat is driving me crazy
Posted: Sat Feb 16, 2008 10:34 pm
by markrudling
Hello everyone.
Please can you help me, this is going to kill me.
I need to have 2 services running via one external IP, each service using different ports, on different devices. Some udp, some tcp. How would this be done?
Please, I know this might seem simple, but I have to get this working. Everything I have tried does not work.
Maybe an example that I can change the IPs to suit my needs.
Thanks a mill
Re: Nat is driving me crazy
Posted: Sun Feb 17, 2008 1:01 am
by Chupaka
firewall - nat - add - dstnat - dst-address=your_external_address, dst-port=your_port, action = dst-nat, to-addresses = your_internal_ip, to-ports = your_internal_port
Re: Nat is driving me crazy
Posted: Sun Feb 17, 2008 10:08 am
by idelac3
Also make sure Connection Tracking is enabled. NAT won't work without it.
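An added example, not part of the thread and not RouterOS code: a simplified Python model of first-match dstnat evaluation for the case asked about above, one external IP forwarding a TCP and a UDP service to different devices, plus a check for rules scoped more broadly than intended. Matching is exact-value only; the UDP rule, the unscoped rule, host 10.50.0.3 and ports 5060/8080 are constructed for illustration.

```python
# Added example: simplified model of RouterOS dstnat matching (exact values only).

def parse_rule(line):
    """Turn 'key=value key=value ...' (as pasted in the thread) into a dict."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def lint(rule):
    """Return warnings for a dstnat rule that is broader than intended."""
    warnings = []
    # A port matcher should always state the protocol it applies to.
    if "dst-port" in rule and rule.get("protocol") not in ("tcp", "udp"):
        warnings.append("dst-port without protocol=tcp|udp")
    # Without either matcher the rule applies to packets from every interface.
    if not {"dst-address", "in-interface"} & rule.keys():
        warnings.append("no dst-address/in-interface: also catches LAN traffic")
    return warnings

def translate(rules, proto, dst_ip, dst_port, in_if):
    """First matching dst-nat rule wins; return (host, port) or None."""
    for r in rules:
        if r.get("chain") != "dstnat" or r.get("action") != "dst-nat":
            continue
        wanted = {"protocol": proto, "dst-address": dst_ip,
                  "dst-port": str(dst_port), "in-interface": in_if}
        # A matcher the rule does not set matches everything.
        if all(r.get(k, v) == v for k, v in wanted.items()):
            return r["to-addresses"], int(r.get("to-ports", dst_port))
    return None

# Rule 0 is the one posted in the thread; rules 1-2 are constructed samples.
RULES = [parse_rule(l) for l in (
    "chain=dstnat dst-address=40.0.10.251 protocol=tcp dst-port=7001 "
    "action=dst-nat to-addresses=10.50.0.2 to-ports=4899",
    "chain=dstnat dst-address=40.0.10.251 protocol=udp dst-port=5060 "
    "action=dst-nat to-addresses=10.50.0.3 to-ports=5060",
    "chain=dstnat protocol=tcp dst-port=8080 "
    "action=dst-nat to-addresses=10.50.0.2 to-ports=80",
)]

if __name__ == "__main__":
    for i, rule in enumerate(RULES):
        print(i, lint(rule) or "ok")
    print(translate(RULES, "tcp", "40.0.10.251", 7001, "ether1"))
    print(translate(RULES, "udp", "40.0.10.251", 5060, "ether1"))
    # A LAN client's outbound connection is redirected by the unscoped rule 2:
    print(translate(RULES, "tcp", "203.0.113.9", 8080, "ether4"))
```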
Re: Nat is driving me crazy
Posted: Fri Feb 22, 2008 5:52 pm
by machack
I have the same problem.
my firewall config:
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=masquerade src-address=10.50.0.0/24
1 chain=dstnat action=dst-nat to-addresses=10.50.0.2 to-ports=4899
in-interface=ether1 dst-port=7001 protocol=tcp
my ip config
# ADDRESS NETWORK BROADCAST INTERFACE
0 40.0.10.251/24 40.0.10.0 40.0.10.255 ether1
1 10.50.0.1/24 10.50.0.0 10.50.0.255 ether4
connection tracking
enabled: yes
tcp-syn-sent-timeout: 5s
tcp-syn-received-timeout: 5s
tcp-established-timeout: 1d
tcp-fin-wait-timeout: 10s
tcp-close-wait-timeout: 10s
tcp-last-ack-timeout: 10s
tcp-time-wait-timeout: 10s
tcp-close-timeout: 10s
udp-timeout: 10s
udp-stream-timeout: 3m
icmp-timeout: 10s
generic-timeout: 10m
tcp-syncookie: no
max-entries: 524288
total-entries: 4
Please help!!!
Re: Nat is driving me crazy
Posted: Fri Feb 22, 2008 6:52 pm
by kthameen
This should help you
chain=dstnat dst-address=40.0.10.251 action=dst-nat to-addresses=10.50.0.2 to-ports=4899 dst-port=7001 protocol=tcp
Re: Nat is driving me crazy
Posted: Fri Feb 22, 2008 7:04 pm
by fosben
Also got a problem with dst nat. It's set up like Chupaka posted and connection tracking is on.
When I connect to my external IP from another computer it's able to display some of the page, but very very slowly and the pictures fail. Also I noticed that IE displayed my internal IP at the status bar when it loads the page.
I'm using a rb112, ros v3.3. This setting worked fine earlier (v 2-9), but as I didn't need the dst nat for some time it was disabled until now.