Messages - dyoung

#1
20.1 Legacy Series / Re: outbound NAT
February 08, 2020, 01:51:15 AM
UPDATE

Don't like this for an answer, but rebooted today and now the automatic outbound NAT works.
#2
20.1 Legacy Series / outbound NAT
February 07, 2020, 01:21:33 AM
Working with 20.1 that has been factory reset for testing.
LAN interface
     DHCP is assigning this interface 192.168.2.222
     Route added -- 193.168.1.0/24 -> 192.168.2.222
WAN interface is connected to DD WRT router for testing.
     DD WRT is assigned 193.168.1.1
     DHCP has assigned WAN interface 193.168.1.129
     Route added -- 192.168.2.0/24 -> 193.168.1.129

When using automatic NAT rules:
     LAN    127.0.0.0/8    *    *    500    LAN    *    YES    Auto created rule for ISAKMP
     LAN    127.0.0.0/8    *    *    *      LAN    *    NO     Auto created rule
     WAN    127.0.0.0/8    *    *    500    WAN    *    YES    Auto created rule for ISAKMP
     WAN    127.0.0.0/8    *    *    *      WAN    *    NO     Auto created rule
Packet captures on the WAN interface while ping is running and connection to DD WRT web interface:
WAN em0   00:30:10.025146 IP 192.168.2.170.41638 > 193.168.1.1.80: tcp 0
WAN em0   00:30:10.025267 IP 193.168.1.1.80 > 192.168.2.170.41638: tcp 0
WAN em0   00:30:10.025493 IP 192.168.2.170.41638 > 193.168.1.1.80: tcp 0
WAN em0   00:30:10.026023 IP 193.168.1.1.80 > 192.168.2.170.41638: tcp 0
WAN em0   00:30:10.856352 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 12, length 64
WAN em0   00:30:10.857010 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 12, length 64
WAN em0   00:30:11.037881 IP 192.168.2.170.41640 > 193.168.1.1.80: tcp 0
WAN em0   00:30:11.038510 IP 193.168.1.1.80 > 192.168.2.170.41640: tcp 0
WAN em0   00:30:11.038765 IP 192.168.2.170.41640 > 193.168.1.1.80: tcp 0
WAN em0   00:30:11.862251 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 13, length 64
WAN em0   00:30:11.862909 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 13, length 64

No NAT Translation. :(
When I use Manual outbound NAT rules:
     WAN    LAN net    *          *    *          Interface address    *    NO
     WAN    LAN net    icmp/ *    *    icmp/ *    Interface address    *    NO
Packet captures on the WAN interface while ping is running and connection to DD WRT web interface:
WAN em0   00:37:07.374455 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 426, length 64
WAN em0   00:37:07.375152 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 426, length 64
WAN em0   00:37:08.380369 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 427, length 64
WAN em0   00:37:08.381022 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 427, length 64
WAN em0   00:37:08.561750 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:08.562372 IP 193.168.1.1.80 > 193.168.1.129.29196: tcp 0
WAN em0   00:37:08.562658 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:09.042284 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 328

NAT translates HTTP but not ICMP. :-\

Not sure what I am missing. Everything else seems pretty self-explanatory.
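
An added example, not part of the original post: a Python check over WAN-side capture lines in the format quoted above, reporting per protocol whether outbound packets still carry a LAN-net source address (untranslated) or the WAN interface address (translated). The 192.168.2.0/24 LAN net, the 193.168.1.129 WAN address and the sample lines are taken from the post; the function and constant names are chosen for this example.

```python
import ipaddress
import re
from collections import defaultdict

LAN_NET = ipaddress.ip_network("192.168.2.0/24")   # LAN net from the post
WAN_ADDR = ipaddress.ip_address("193.168.1.129")   # WAN interface address from the post

# Four lines copied from the manual-NAT capture in the post.
MANUAL_CAPTURE = """\
WAN em0   00:37:07.374455 IP 192.168.2.170 > 193.168.1.1: ICMP echo request, id 6171, seq 426, length 64
WAN em0   00:37:07.375152 IP 193.168.1.1 > 192.168.2.170: ICMP echo reply, id 6171, seq 426, length 64
WAN em0   00:37:08.561750 IP 193.168.1.129.29196 > 193.168.1.1.80: tcp 0
WAN em0   00:37:08.562372 IP 193.168.1.1.80 > 193.168.1.129.29196: tcp 0
"""

# "IP src[.port] > dst[.port]: proto ..." as printed in the capture view.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<proto>\w+)"
)


def classify(capture, lan_net=LAN_NET, wan_addr=WAN_ADDR):
    """Return {protocol: {"translated": n, "untranslated": n}} for outbound packets."""
    result = defaultdict(lambda: {"translated": 0, "untranslated": 0})
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src = ipaddress.ip_address(m["src"])
        proto = m["proto"].lower()
        if src in lan_net:
            result[proto]["untranslated"] += 1   # LAN address visible on the WAN side
        elif src == wan_addr:
            result[proto]["translated"] += 1     # source rewritten to the WAN address
        # Any other source is a reply from the far side and is ignored.
    return dict(result)


def leaking_protocols(capture):
    """Protocols for which a LAN source address was seen on the WAN side."""
    return sorted(p for p, c in classify(capture).items() if c["untranslated"])


if __name__ == "__main__":
    for proto, counts in classify(MANUAL_CAPTURE).items():
        print(proto, counts)
    print("untranslated on WAN:", leaking_protocols(MANUAL_CAPTURE))
```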