editor
698
edits
Router - TG582N - Mixed NAT: Difference between revisions
clean up
No edit summary |
(clean up) |
||
| (10 intermediate revisions by 2 users not shown) | |||
|
[[Image:T582-small.png|link=:Category:Router TG582N|Got to Main TG582N Page]]
subnet does not get NATed. Or, looking at it differently, adding a subnet of (e.g.)
RFC1918 addresses which will be NATed on a router with an existing routeable IP block setup.
▲This is how to configure a technicolor gateway with two subnets on its
▲local network such that one gets translated and the other does
▲not. This configuration is not recommended, far better to use a real
router made out of FireBrick, BSD or Linux that gives proper control of things
on an address level rather than on an interface level.
Firstly, you need to put a public address on the
Supposing you have been assigned 192.0.2.0/24 as your public network,
to NAT things on its "Internet" interface. There is no way to undo
this as such, and preserve the ability to NAT the non-routeable
addresses. The workaround is to add some strange ''transparent'' NAT
rules:
{Administrator}=>:nat mapadd intf=Internet type=nat outside_addr=192.0.2.2 inside_addr=192.0.2.2
Now the host at 192.0.2.2 won't have its address translated. Or rather
it will, but it will get translated to exactly the same
this needs to be added for each of the public addresses that have been
assigned. Thankfully these days only small blocks are obtainable.
''[Actually according to an application note it is possible to specify address ranges, e.g.''
:nat mapadd intf=Internet type=nat outside_addr=192.0.2.[2-6] inside_addr=192.0.2.[2-6]
''but your author doesn't have enough routeable addresses to check that this works.]''
== Firewalling ==
There is still a problem, however, if you want to allow unfettered▼
access inbound to that address -- it will get caught by the stateful▼
firewall. Again there appears to be no way to selectively disable the
keeping of state, so it must be turned off globally:
of any help for security.
== Changing the outside address used by NAT ==
[[Category:Router TG582N]]▼
By default NAT will use the PPP assigned IPv4 address as the outside
address. It might be preferred to use one of the public IP addresses
as the outside address instead, this can be achieved by entering
:nat mapadd intf=Internet type=napt outside_addr=192.0.2.42
If you want to get clever, it's possible to add an ''access_list''
parameter to restrict the mapping to specified inside addresses,
so you could NAT some inside address blocks to one outside address, and
others to a different outside address. And even add a ''foreign_addr''
parameter to only use this mapping for a range of destination addresses.
Note that when PPP IPCP comes up it automatically adds an entry like
:nat mapadd intf=Internet type=napt outside_addr=<my_ppp_addr> weight=50
to the end of the NAT map - see
:nat maplist expand=enabled
but any entries made by the user will take priority.
Note also that specifying the outside address means that the outside address
used will not be that of any PPP link in use by the router. So, for example, if you have
a fallback to a 3G USB modem setup and the fallback takes place then you will
perhaps be sending packets with a source address of one of your AAISP addresses
rather than an auto-assigned address from your 3G provider. If your 3G is
AAISP's Broadband Backup product you'll be OK though.
==Other pages regarding this router==
<ncl style=bullet maxdepth=5 headings=bullet headstart=2 showcats=1 showarts=1 showfirst=1>Category:Router TG582N</ncl>
▲[[Category:Router TG582N|Mixed]]
| |||