We recently "upgraded" our Internet service with ATT. They provided an ARRIS BGW 210 Gateway.
Previously we had ATT U verse service using a 5268AC FXN which worked as a cascaded router.
Our service includes a block of Public IP addresses. Previously I used iptables to provide a 1 to 1 NAT translating between public and private IP addresses. Under the old Gateway we configured a 'Cascaded Router', set it to the IP address of the server running iptables, and everything worked.
Here are the router settings I've tried:
Code:
Cascaded Router
Cascaded Router Enable - Yes
Cascaded Router Address - 192.168.1.1
Network Address - aa.bb.cc.8
Subnet Mask 255.255.255.48
With the new Gateway, whenever I try to configure the Cascading Router the Gateway freezes saying "Session Rejected".
The iptables rules are stored in a file called /etc/iptable.rules:
Code:
*nat
:PREROUTING ACCEPT [66316:6289839]
:INPUT ACCEPT [33999:3265034]
:OUTPUT ACCEPT [10562:903361]
:POSTROUTING ACCEPT [4:240]
# Inbound: one DNAT rule per public address
-A PREROUTING -d aa.bb.cc.14/32 -j DNAT --to-destination 192.168.1.1
-A PREROUTING -d aa.bb.cc.9/32 -j DNAT --to-destination 192.168.1.2
-A PREROUTING -d aa.bb.cc.10/32 -j DNAT --to-destination 192.168.1.3
-A PREROUTING -d aa.bb.cc.11/32 -j DNAT --to-destination 192.168.1.28
-A PREROUTING -d aa.bb.cc.12/32 -j DNAT --to-destination 192.168.1.29
-A PREROUTING -d aa.bb.cc.13/32 -j DNAT --to-destination 192.168.1.4
# Outbound: the mirror-image SNAT rule per private host
-A POSTROUTING -s 192.168.1.1/32 -j SNAT --to-source aa.bb.cc.14
-A POSTROUTING -s 192.168.1.2/32 -j SNAT --to-source aa.bb.cc.9
-A POSTROUTING -s 192.168.1.3/32 -j SNAT --to-source aa.bb.cc.10
-A POSTROUTING -s 192.168.1.28/32 -j SNAT --to-source aa.bb.cc.11
-A POSTROUTING -s 192.168.1.29/32 -j SNAT --to-source aa.bb.cc.12
-A POSTROUTING -s 192.168.1.4/32 -j SNAT --to-source aa.bb.cc.13
COMMIT
Checking the actual rules, here is what I get:
Code:
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT all -- anywhere aa.bb.cc.14 to:192.168.1.1
DNAT all -- anywhere aa.bb.cc.9 to:192.168.1.2
DNAT all -- anywhere aa.bb.cc.cc to:192.168.1.3
DNAT all -- anywhere aa.bb.cc.11 to:192.168.1.28
DNAT all -- anywhere aa.bb.cc.12 to:192.168.1.29
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- hamlet anywhere to:aa.bb.cc.14
SNAT all -- 192.168.1.2 anywhere to:aa.bb.cc.9
SNAT all -- 192.168.1.3 anywhere to:aa.bb.cc.cc
SNAT all -- romulus.local anywhere to:aa.bb.cc.11
SNAT all -- remus.local anywhere to:aa.bb.cc.12
MASQUERADE all -- anywhere anywhere
SNAT all -- hamlet anywhere to:aa.bb.cc.14
SNAT all -- hamlet anywhere to:aa.bb.cc.14
SNAT all -- hamlet anywhere to:aa.bb.cc.14
The only problem I've been able to come up with is that the above command takes almost 3 minutes to complete, which seems far too long.
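
A consistency check for a 1:1 NAT rule set like the one posted above, as an added example that is not part of the original post: it reads `iptables -t nat -S` output and reports DNAT/SNAT pairs that do not mirror each other, duplicate rules, and SNAT rules placed after an unconditional MASQUERADE. The function name `audit_nat` and the sample rules (with 203.0.113.x standing in for the redacted public block) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `iptables -t nat -S` format. 203.0.113.x stands in
# for the public block that the post redacts as aa.bb.cc.x.
SAMPLE = """\
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 203.0.113.14/32 -j DNAT --to-destination 192.168.1.1
-A PREROUTING -d 203.0.113.9/32 -j DNAT --to-destination 192.168.1.2
-A PREROUTING -d 203.0.113.13/32 -j DNAT --to-destination 192.168.1.4
-A POSTROUTING -s 192.168.1.1/32 -j SNAT --to-source 203.0.113.14
-A POSTROUTING -s 192.168.1.2/32 -j SNAT --to-source 203.0.113.9
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.1.1/32 -j SNAT --to-source 203.0.113.14
"""

DNAT = re.compile(r"^-A PREROUTING -d (\S+?)(?:/32)? -j DNAT --to-destination (\S+)$")
SNAT = re.compile(r"^-A POSTROUTING -s (\S+?)(?:/32)? -j SNAT --to-source (\S+)$")
CATCH_ALL = "-A POSTROUTING -j MASQUERADE"  # no -s/-o match: applies to every packet

def audit_nat(rules_text):
    """Return findings for a rule set that is meant to be strict 1:1 NAT."""
    findings, dnat, snat, shadowed = [], [], [], False
    for line in map(str.strip, rules_text.splitlines()):
        if m := DNAT.match(line):
            dnat.append((m.group(1), m.group(2)))   # (public, private)
        elif m := SNAT.match(line):
            pair = (m.group(2), m.group(1))         # normalised to (public, private)
            snat.append(pair)
            if shadowed:  # nat chains stop at the first matching rule
                findings.append(f"SNAT never reached after MASQUERADE: {pair}")
        elif line == CATCH_ALL:
            shadowed = True
            findings.append("catch-all MASQUERADE in POSTROUTING")
    for name, rules in (("DNAT", dnat), ("SNAT", snat)):
        for pair, count in Counter(rules).items():
            if count > 1:
                findings.append(f"duplicate {name} x{count}: {pair}")
    for pair in sorted(set(dnat) - set(snat)):
        findings.append(f"DNAT without matching SNAT: {pair}")
    for pair in sorted(set(snat) - set(dnat)):
        findings.append(f"SNAT without matching DNAT: {pair}")
    return findings

if __name__ == "__main__":
    for finding in audit_nat(SAMPLE):
        print(finding)
```

A host with a DNAT rule but no mirror SNAT accepts inbound traffic on its own public address while its outbound traffic leaves from whatever address a later rule assigns, which is worth catching before it shows up in logs or allow-lists.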