IP Masquerading/UPnP problem - port not forwarding through multiple NATs
So here is my setup. I am piggybacking wireless from a friend of mine, but I want to have my own internal wireless network as well that is secure from him. Currently, my Suse 10.1 box is logged into his wireless router and doing IP Masquerading/DHCP to my wireless router so that my other computers/printers are separate from his stuff.
Now to the problem. I am trying to get Azureus to work (read no NAT errors) on my windows computer that connects to my wireless router. The linux box doing the routing has no problems as I just allowed the Azureus port in my firewall. I thought that would also allow my windows computer to not have problems, but it is getting NAT errors. I don't believe the problem is on my wireless router, because if I try to make my linux box listen on the same port that the windows box is listening on, I get a message from Azureus "UPnP: Mapping 'Nat Tester (TCP/#####)' has been reserved by 'xxx.xxx.xx.xx' - please select a different port." Also, I am able to telnet to that port on the windows machine from my linux box.
I'm no UPnP expert, but it seems that either
A) my linux firewall is allowing traffic to itself but not to other computers on the WLAN or
B) there is some problem with UPnP and multiple layers of NAT (his wireless NAT to my wireless NAT)
If you have somehow managed to read this far, I could really use any thoughts or suggestions as to how I can get to the bottom of this. I'm not quite a newbie, but I'm certainly no expert either and I could use all input.
So it goes Internet -> my friend's wireless router 192.168.1.1/255.255.255.0 -> my linux box doing IP masq/DHCP to my router 192.168.10.5/255.255.255.0 -> the other machines on my LAN. My Linux box wireless card is assigned a dynamic IP on my friend's router and the ethernet card is acting as the gateway so I made its IP static at 192.168.10.1. If that is too confusing I can try to draw it up in visio or paint or something.
Since you are asking, does the subnet mask have something to do with this? I'm no network guru but I thought this is how it should be set up (not the same octet but same subnet mask.) Again, any and all input is appreciated.
In this case; at first, your windows client would be having your linux box as its gateway & then your windows box would be having the dns server ip specified as well, then you'd be doing MASQUERADING at your linux router while you receive requests from your windows client & then your wireless router would be forwarding these MASQd packets to your friend's wireless router & there he would be doing another MASQ or SNATing to let these packets out.
Is this the path you guys are following ?
Btw are you experiencing problems only in the case of P2P connections or is the internet from your windows client not working as well ?
Yes, this is the path that we are following. My windows clients have access to the Internet, and as far as I can tell, this UPnP port problem back to my windows clients is the only problem with the setup. I bet if we went the static IP route then I could forward ports at each firewall and make it work, but my friend doesn't want to do that, and I was trying to see if we could get it working with DHCP all around. The only apps I need this for would be ones that utilize UPnP (Azureus and possibly an xbox 360 in the future...).
I have read a little bit about a package called linux-igd. It seems to solve some people's problems with UPnP, but that message I got from Azureus in the first post is making me think I don't need that. I don't know much about Azureus, but somehow it must have known that my windows machine was reserving that port via UPnP. I'm guessing it tried to reserve it at my friend's router and got denied. That means the messages are probably getting out to reserve the port, but not getting back in somehow. And the fact that UPnP works when connecting to his router leads me to believe that possibly my firewall is blocking those requests, even though I have specifically allowed them in my firewall. I may try to install this linux-igd and see what I can get done with it. I'm also no networking guru, but I'm going to attempt to learn how to use ethereal and see if I can see what is going on.
Thank you for your help, and if you have any other suggestions or thoughts, keep em coming while I get back to you to see if any of this works.
In this case; for the troubleshooting part, let's go hop by hop. As your linux router sits in front of your windows box in the first place, we'll start tcpdump'ing the packets here at first, use the "tcpdump -nn > output-file" & post it here while your p2p application tries to connect.
Kindly also post the output of iptables -nvL & iptables -t nat -nvL from your linux router box.
I did not know how much of the tcpdump you would need, so I made sure it caught enough, but the output is too much to post here so I have linked it at http://joslnx.no-ip.org/bb/out.txt
Ricka,
Your own linux router's firewall doesn't stand as any bottleneck & nor did your tcpdump log suggest any problems. In fact i can see your box, 192.168.1.59 sending packets to too many peers in form of udp & until this linux router i have seen about 40% replies of these outbound udp packets also. The other thing i have noticed is that all your packets from windows box are being generated & rxd at port no 28171. So until here everything is well. Now you got to make sure that you are actually receiving all these packets at your windows box itself. You can use any packet logger (ethereal is available for windows) to confirm that as well. Though i think that wouldn't be the case.
Did you try disabling the upnp functionality at your azureus also ? What exactly does the NAT tester say at azureus ?
Hey btw i do not know anything about azureus, but at communication level.. things look fine from the tcpdump log & iptables rules.
Did you see this link until now http://www.azureuswiki.com/index.php/NAT_problem, do see maybe you can find something interesting.
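The analysis above (outbound UDP from the masqueraded address 192.168.1.59 on port 28171, how many peers answered, and whether anything arrives unsolicited) can be done mechanically on the "tcpdump -nn" output. The following is an added example, not code from the thread; it assumes the default tcpdump -nn line layout and a constructed sample capture. Replies to peers the router contacted first pass any NAT, so the figure that actually answers the NAT-tester question is the count of unsolicited inbound packets to the port: if that is zero at the router while the tester fails, the upstream hop is not forwarding them.

```python
import re
from collections import defaultdict

# Address part of a "tcpdump -nn" line: <ts> IP <src>.<sport> > <dst>.<dport>: <rest>
LINE_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$")

def parse_line(line):
    """Return (src_ip, src_port, dst_ip, dst_port, proto), or None for non-IP lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, rest = m.groups()
    proto = "UDP" if rest.startswith("UDP") else "TCP"   # anything else is TCP flags
    return src, int(sport), dst, int(dport), proto

def classify(lines, local_ip, local_port):
    """Walk the capture in order: a packet to local_ip:local_port is a 'reply' if we
    already sent to that peer, otherwise 'unsolicited' (what a NAT tester needs)."""
    contacted, answered = set(), set()
    stats = defaultdict(int)
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        src, sport, dst, dport, proto = p
        if (src, sport) == (local_ip, local_port):
            contacted.add((dst, dport))
            stats["outbound"] += 1
        elif (dst, dport) == (local_ip, local_port):
            if (src, sport) in contacted:
                answered.add((src, sport))
                stats["reply"] += 1
            else:
                stats["unsolicited_" + proto.lower()] += 1
    stats["peers_contacted"] = len(contacted)
    stats["peers_answered"] = len(answered)
    return dict(stats)

# Constructed sample capture (not the thread's log), using the masqueraded router
# address 192.168.1.59 and Azureus port 28171 that the thread mentions.
SAMPLE = """\
10:00:00.000001 IP 192.168.1.59.28171 > 203.0.113.7.6881: UDP, length 96
10:00:00.000002 IP 192.168.1.59.28171 > 203.0.113.8.6881: UDP, length 96
10:00:00.000003 IP 203.0.113.7.6881 > 192.168.1.59.28171: UDP, length 120
10:00:00.000004 IP 198.51.100.4.40000 > 192.168.1.59.28171: Flags [S], seq 1, win 65535, length 0
10:00:00.000005 ARP, Request who-has 192.168.1.1 tell 192.168.1.59, length 28
"""

if __name__ == "__main__":
    print(classify(SAMPLE.splitlines(), "192.168.1.59", 28171))
```

Run it against the real file with `classify(open("out.txt"), "192.168.1.59", 28171)`; a capture taken on the inner interface with the windows box's 192.168.10.x address shows whether the same packets make it past the router's own NAT.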