
iptables, double nat question.


meekrob (MIS, US, 127 posts), Feb 13, 2002
Hi,

I've been using iptables for years now, but perhaps I don't really understand how NAT works.

I have an iptables firewall (firewall box) running behind an Actiontec DSL router. The Actiontec actually runs an embedded Linux with iptables. Behind the firewall box is a Linux Samba server that I need to access using ssh. I also access the firewall box over ssh. I use port 22 for the firewall box and forward port 222 to the Samba box port 22. This setup worked great using Cox (with a bridging router). The DSL router is set to pass everything to the firewall, using NAT (I think).

The result is that I can ssh to port 22, accessing the firewall. However, I cannot access port 222 to the Samba box. If I plug in my laptop on the interface connected to the DSL router, I can access 222, showing that the firewall is forwarding 222 to the Samba server.

My theory is that iptables doesn't like the fact that I am NATting twice, once on the DSL router and then on the firewall. I'm looking for someone with a better understanding of NAT to explain why, and of course a solution would be nice.

I could ssh into the firewall and then ssh into the Samba box, but that isn't what I'm looking for. My rsync-over-ssh backups require a direct ssh connection.

Thank you for reading this convoluted story! Thanks in advance for any comments or advice.
 
Could you diagram this? I'm having a hard time getting my head around your situation.

If you're talking about something like:

Client -- NAT Router -- Internet -- NAT Router -- Samba Server

there shouldn't be any problem.
 
It's more like:

Client(SSH)-NAT Router-Internet-NAT Router(Actiontec GT-701b)-NAT Router(Linux iptables dedicated firewall)-Samba Server
 
Question: if you are already forwarding all ports from the DSL router to the linux box, why is the linux box there?

Suggestion: if you need to keep this configuration, try a many-many NAT between the DSL router and the linux box instead of one-many.

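The port forward the opening post describes (TCP 222 on the firewall box to sshd on port 22 of the Samba server), written out as an added example. This is not code from the thread; the interface name eth0 and the address 192.168.1.10 are assumptions to be replaced with the real ones.

```shell
#!/bin/sh
# Added example, not from the thread: forward TCP/222 arriving on the
# firewall box to sshd (22) on the Samba server, plus the FORWARD rules
# that let the forwarded connection and its replies through.
# Interface and address names below are assumptions.
set -eu

WAN_IF="${WAN_IF:-eth0}"               # assumed: interface facing the Actiontec
SAMBA_IP="${SAMBA_IP:-192.168.1.10}"   # assumed: Samba server on the LAN side
EXT_PORT="${EXT_PORT:-222}"
INT_PORT="${INT_PORT:-22}"

# Build the rules as text so they can be reviewed before being applied.
# Matching on the inbound interface rather than on "-d <address>" keeps the
# rule valid whatever address the Actiontec hands the firewall's WAN side.
dnat_rules() {
    wan_if=$1; target=$2; ext_port=$3; int_port=$4
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$wan_if" "$ext_port" "$target" "$int_port"
    # FORWARD sees the packet after DNAT, so match the rewritten destination.
    printf 'iptables -A FORWARD -i %s -p tcp -d %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT\n' \
        "$wan_if" "$target" "$int_port"
    # Replies from the Samba server; conntrack reverses the DNAT on the way out.
    printf 'iptables -A FORWARD -o %s -s %s -p tcp --sport %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$wan_if" "$target" "$int_port"
}

# Prerequisite: without IP forwarding the FORWARD chain is never consulted.
sysctl_rule() {
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
}

# Default is to print; run with APPLY=1 on the firewall box to execute.
rules=$(sysctl_rule; dnat_rules "$WAN_IF" "$SAMBA_IP" "$EXT_PORT" "$INT_PORT")
if [ "${APPLY:-0}" = 1 ]; then
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```

Run it without arguments first and read the printed rules, then with APPLY=1 on the firewall box. Two checks are worth doing when, as in the post, the forward works from a laptop on the WAN-side segment but not from the Internet: run tcpdump -ni eth0 tcp port 222 on the firewall box during an outside connection attempt; if no SYN shows up, the Actiontec is not passing 222 to the firewall box and the fix belongs there, not in this ruleset. Then confirm the Samba server's default route points at the firewall box; if replies take another path they bypass the conntrack entry that undoes the DNAT and the connection hangs. The packet counters from iptables -t nat -L PREROUTING -n -v show whether the DNAT rule matched at all. For the backups, rsync -e 'ssh -p 222' uses the forwarded port directly.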
 