04-23-2014, 02:09 PM
|
#1
|
Member
Registered: Jan 2006
Distribution: arch, CentOS
Posts: 83
Rep:
|
double NAT'ing?
Hey people,
I have the setup as shown in the picture at:
http://a.pomf.se/rkbntn.png
Well, the problem is also there: I am able to access the server from my laptop but not my laptop from the server :/
Even the ping does not reply. The server is CentOS 6.5 (yes, SELinux is disabled and iptables does not stop ICMP ping requests) and the laptop has Arch Linux (firewalls on the Arch box are disabled for testing purposes).
I suspect it has something to do with double NAT'ing but I am not sure how to figure it out. I am a bit of a novice when it comes to networking...
Any help will be greatly appreciated.
Best Regards,
|
|
|
04-23-2014, 05:10 PM
|
#2
|
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348
Rep:
|
I took the liberty of creating a slightly more readable network diagram (rgistered_diagram1); I hope I got the details right. If I did, your problems are not really NAT-related, but NAT is what's keeping the one-way traffic (and Internet access) working.
Hosts on the 192.168.0.0/24 network use the wireless router as their gateway, which NATs all outgoing traffic behind 192.168.2.2. To hosts on the 192.168.2.0/24 network the traffic appears to originate from 192.168.2.2, so they send replies to the wireless router which de-NATs the packets and forwards them to the correct hosts on the 192.168.0.0/24 network. That's why traffic from the laptops to the server works.
If you try to reach a host on the 192.168.0.0/24 network from a host in the 192.168.2.0/24 network, the host realizes that 192.168.0.x-addresses are in a different network, and sends the packet to the gateway, 192.168.2.1. This gateway knows nothing of 192.168.0.0/24, but has a default route to the Internet. The packet is forwarded to an upstream Internet router, which simply discards it since the destination address is in a private network. This is why you can't reach 192.168.0.0/24 from 192.168.2.0/24.
There are two possible solutions:
- Configure proper routing. This involves disabling NAT on the wireless router and adding a route to 192.168.0.0/24 via 192.168.2.2 on the wired (Internet) router.
- Use the wireless router as an access point (see rgistered_diagram2). To do this, simply disable the DHCP service on the router and connect the uplink cable to a LAN port instead of the WAN port. Leave the WAN port disconnected.
I recommend the second approach. Actually, it may not be possible to disable NAT on a consumer-grade wireless router, but using it as an AP/bridge will definitely work.
|
|
|
04-23-2014, 05:11 PM
|
#3
|
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
|
The netmask is what tells your OS which IPs are on the local network and can be accessed directly, versus which IPs are remote and need to pass through the gateway. A default netmask of 255.255.255.0 means that any IP that matches the first three sets is on the local network and can be accessed directly, while any IP that does not match the first three sets is remote and needs to be accessed through the gateway.
Let's start by looking at the laptop -> server connection
laptop: 192.168.0.4
server: 192.168.2.253
The laptop sees the 192.168.2.x IP, compares it to the netmask, realizes it's not on the local network, and goes to the gateway for assistance. Now you have the gateway (wifi router) looking for 192.168.2.253
gateway: 192.168.2.2
server: 192.168.2.253
The wifi router says, "Hey, that's on my network!", and it routes the connection directly to the server, everybody is happy.
Now let's look at the server -> laptop connection
server: 192.168.2.253
laptop: 192.168.0.4
The server sees the 192.168.0.x IP, compares it to the netmask, realizes it's not on the local network, and goes to the gateway for assistance. Now you have the gateway (cable modem router) looking for 192.168.0.4
The gateway sees the 192.168.0.x, compares it to the netmask, realizes it's not on the local network, and goes to its gateway (at your ISP) for assistance. The ISP says that's not a valid address, and the connection breaks.
If you want to think of it in simple terms, connections can always go UP in the subnet tree, but they cannot go down without assistance. In order for the server to access the laptop, it needs to go to the laptop's router at 192.168.2.2 first, then the router can push it from there. How is the server supposed to know that when you type in "192.168.0.4" it needs to go to "192.168.2.2"? It doesn't, and that's why the connection breaks.
So you have a couple of options.
1) Configure the wifi router to forward incoming packets on your desired port (eg: 22 for SSH) to your laptop at 192.168.0.4. Then on your server, you would connect to 192.168.2.2. The router would see the incoming packet, and then forward it to the laptop as you told it.
2) Reconfigure your wifi router to act as a bridge instead of a router. Usually this can be done by connecting the ethernet cable (the one on the 192.168.2.x subnet) to one of the LAN ports (right now you probably have it on the WAN port), and disabling the DHCP server in the wifi router. If you do this, all of your devices, wifi and not, will be handled by the 192.168.2.0 router, and the wifi router will simply bridge the connection to any wireless devices. This would change your laptop's IP from 192.168.0.4 to 192.168.2.x (where the "x" will be decided by the 192.168.2.0 DHCP server when you go to connect), and you should be able to get bidirectional communication between any device on your wired or wifi network without any headaches.
Last edited by suicidaleggroll; 04-23-2014 at 05:13 PM.
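An added example, not part of the original thread: a small Python model of the routing decisions described in posts #2 and #3, tracing each packet hop by hop with longest-prefix matching. The wifi router's LAN address 192.168.0.1 and the node names are assumptions; the model covers routing only and does not simulate NAT translation or firewall rules on the wifi router.

```python
import ipaddress

# Constructed model of the thread's topology. The wifi router's LAN address
# (192.168.0.1) and the node names are assumptions; the rest is from the posts.
# Each route is (destination prefix, next hop); a next hop of None means on-link.
OWNER = {"192.168.0.4": "laptop", "192.168.0.1": "wifi", "192.168.2.2": "wifi",
         "192.168.2.1": "wired", "192.168.2.253": "server"}

def base_tables():
    return {
        "laptop": [("192.168.0.0/24", None), ("0.0.0.0/0", "192.168.0.1")],
        "wifi":   [("192.168.0.0/24", None), ("192.168.2.0/24", None),
                   ("0.0.0.0/0", "192.168.2.1")],
        "server": [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")],
        "wired":  [("192.168.2.0/24", None), ("0.0.0.0/0", "ISP")],
    }

def lookup(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(tables, src_node, dst, max_hops=8):
    """Follow a packet hop by hop; return (path, delivered?)."""
    node, path = src_node, [src_node]
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        if hop is None:                      # destination is on-link
            path.append(OWNER.get(dst, dst))
            return path, True
        if hop == "ISP":                     # private address leaves the site
            path.append("ISP (dropped)")
            return path, False
        node = OWNER[hop]
        path.append(node)
    return path, False

def with_static_route(tables):
    fixed = {name: list(routes) for name, routes in tables.items()}
    # First option from post #2: route 192.168.0.0/24 via 192.168.2.2.
    fixed["wired"].append(("192.168.0.0/24", "192.168.2.2"))
    return fixed

if __name__ == "__main__":
    t = base_tables()
    print(trace(t, "laptop", "192.168.2.253"))   # laptop -> server works
    print(trace(t, "server", "192.168.2.2"))     # reply goes to the NATed source
    print(trace(t, "server", "192.168.0.4"))     # server -> laptop is lost
    print(trace(with_static_route(t), "server", "192.168.0.4"))
```

The second trace shows why replies succeed today: with NAT the server answers 192.168.2.2, which is on-link, while a packet addressed to 192.168.0.4 only finds its way once the wired router has the static route.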
|
|
|
04-23-2014, 05:13 PM
|
#4
|
LQ Guru
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,573
|
LOL
1 minute too late, with pretty much the exact same information. I guess that's one way for the OP to know that the advice he's seeing is correct...
|
|
|
04-24-2014, 01:45 AM
|
#5
|
Member
Registered: Jan 2006
Distribution: arch, CentOS
Posts: 83
Original Poster
Rep:
|
Ser Olmy, suicidaleggroll
Thank you both a lot for this awesome explanation. It is all clear now and I will try to bridge the connection from modem to wifi router once at home as that seems to be the easy way out. If that did not work, then I will set up the port forwarding on wifi router.
I feel stupid not to discuss this issue here before. You guys are awesome!
Best Regards,
|
|
|
04-24-2014, 01:05 PM
|
#6
|
Member
Registered: Jan 2006
Distribution: arch, CentOS
Posts: 83
Original Poster
Rep:
|
Hi guys,
That actually did the trick. I disabled the DHCP from wifi router and plugged in the cable from MODEM to one of the LAN ports on wifi router instead of WAN port. Everything seems to be working now. Laptops are now in 192.168.2.x subnet and I can access the server from laptops and vice versa.
Thanks a lot.
Regards,
|
|
|
All times are GMT -5. The time now is 11:22 AM.
|