NAT and NAT Server behind its own NAT(private network)

zeusys · 06-08-2011, 05:47 PM

Hi.
I have to do some networking tests.I'm experimenting some kind of ssh issues and it's only could be solved if I try to establish ssh connection in a Nested NAT network.
I want to implement a NAT on my PC,and somehow my outgoing internet traffic could transmit via this NAT.

First NAT private IP range (192.168.1.X) - Public IP (is a valid IP connected to internet)

Second NAT private IP range (192.168.150.X) - Public IP (one of IPs from 192.168.1.X range)

how I can force my computer which is second NAT,to tranfer its outgoing data through its own NAT?

It's a complicated situation.I hope I could give proper information.

frieza · 06-08-2011, 06:22 PM

for outbound traffic, it shouldn't matter how many layers of nat deep you go as long as the gateways are configured properly for each 'layer'

basically, the NAT machines should have two lan cards, an external interface and an internal interface, then the NAT happens between them

Code:

internet
   |
 modem
   |
  nat1 server (gateway = 'modem's internal ip')
   |
   +-nat1 lan (gateway = 'modem's internal ip')
   |
  nat2 server (gateway = 'nat1 server's internal ip')
   |
   +-nat2 lan (gateway = 'nat1 server's internal ip')

the nameserver IP should also be the same as the gateway ip

this is essentially how a DMZ is created
in a DMZ situation, public facing servers (such as web servers) would run in nat zone 1, then the actual company lan would be nat zone 2

the only real issue is when you want to forward INBOUND traffic into a deeper layer of nat, you would forward the necessary port from the modem to nat 1, then from nat 1 to nat 2 and then nat2 forwards the port to the actual machine.

hope this helps