Unusual NAT question

Posted on 2004-08-22
Last Modified: 2010-03-18
I have to configure a rather unusual network address translation scheme in a Linux box.

These are the interfaces and information about them:

eth0 - This interface has the IP address of 10.10.4.5 with gateway 10.10.4.1
eth1 - This interface has the address of 2.2.2.1 and is a NAT gateway itself which is connected to a single machine with IP 2.2.2.5
eth2 - This interface has the address of 10.0.0.2 and connects to a private LAN

I wish to do the following operation with these three interfaces:

- [any] request from outside to eth0's local IP number 10.10.4.5 must first be redirected to 2.2.2.5 [that machine connected to eth1]
- The machine [2.2.2.5] that gets redirected packets from 10.10.4.5 must send them back to 10.10.4.5**
!! But this 10.10.4.5 is a different host, not the local IP number assigned to eth0. This causes all the problems in this scheme now...

To simplify the issue, I could explain it as follows:

Consider that there is machine with two ethernet ports:
- 1st Ethernet port has an address assigned as 10.10.4.5
- 2nd Ethernet port has an address assigned as 10.0.0.2

These two networks are not in the same subnet physically, they are separate networks:

In the subnet to which the 2nd ethernet port is connected, there is a host whose address is the same as 10.10.4.5, and this address of this host must not be changed. So there are two networks, and two different hosts on both with the same address.

What can I do to resolve the issue without changing the IP addresses? (Indeed, if I change the addresses it would be very easy, but it will not be convenient for our current network. We are just trying to connect one network to the other through two hosts that have the same IP address.)

Any urgent help would be greatly appreciated...
Question by:Xephyr

Accepted Solution

by: jlevie earned 500 total points
I think what you need is a second NAT box on the 10.0.0.0/24 network with a static translation for the "other" 10.10.4.5 machine. That way the 2.2.2.5 box will be sending data to a 10.0.0.0 address, which doesn't result in a conflict with the outside IP of this router.

Author Comment

by:Xephyr
The exact configuration is as follows:

eth0 - I wish to use IP address 10.10.4.5 as the own IP for the Linux machine
eth1 - I wish to use an IP address here which will send data to a different host but with the exact IP address I assigned to eth0

I tried this and it worked:

Setting eth0 to 10.10.4.6 and using IPTables -DNAT --to 10.10.4.5, redirecting requests from any host in eth0 to eth1

But I wish to use 10.10.4.5 as my own IP address still and the system totally fails if I try to do as such. Perhaps there is a way to define that 10.10.4.5 (loopback it becomes) has a default route to eth1 --> 10.10.4.5, not the machine's own loopback adapter.

I would wish to hear something soon... (Adding a second NAT box is impossible because we have no place to add another machine here, I tried to use a virtual machine, but since it has to use the routing table of again the main host, routing still fails)

Expert Comment

by:jlevie
If you define a given IP to an interface on this router you can't then send packets to another machine with the same IP that's connected to a different interface. In routing terms an IP is required to be unique, meaning that there can be one and only one given IP "in view" of a node. So as stated you can't do what you are trying. The "other copy" of that IP would have to be hidden from the view of this router by a NAT device.
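
A small model of the Linux routing decision behind the comment above, as an added example that is not part of the original thread. It shows why the 10.10.4.6 + DNAT setup forwards while 10.10.4.5 on eth0 never can; the /24 masks for eth0 and eth1 and the host route to the duplicate via eth1 are assumptions.

```python
import ipaddress

def build_tables(eth0_addr):
    """Return (local, main) routing tables for the router in the thread."""
    net = ipaddress.ip_network
    # The kernel installs a 'local' host route for every address it owns.
    local = [(net(f"{a}/32"), "deliver locally")
             for a in (eth0_addr, "2.2.2.1", "10.0.0.2")]
    main = [
        (net("10.10.4.0/24"), "forward via eth0"),   # assumed mask
        (net("2.2.2.0/24"), "forward via eth1"),     # assumed mask
        (net("10.0.0.0/24"), "forward via eth2"),
        # Assumed host route pointing at the duplicate 10.10.4.5.
        (net("10.10.4.5/32"), "forward via eth1"),
        (net("0.0.0.0/0"), "forward via eth0 gw 10.10.4.1"),
    ]
    return local, main

def longest_match(table, dst):
    """Longest-prefix match; None when no route covers dst."""
    hits = [(n, action) for n, action in table if dst in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def route(eth0_addr, dst, dnat=None):
    """Decide what the router does with a packet addressed to dst.

    dnat maps original destination -> new destination and is applied
    first, because PREROUTING DNAT runs before the routing decision.
    """
    dst = (dnat or {}).get(dst, dst)
    local, main = build_tables(eth0_addr)
    addr = ipaddress.ip_address(dst)
    # Policy rule 0 consults table 'local' before table 'main', so an
    # address the router owns is never looked up in 'main' at all.
    return longest_match(local, addr) or longest_match(main, addr)

if __name__ == "__main__":
    # Desired setup: eth0 owns 10.10.4.5, so the duplicate is unreachable.
    print(route("10.10.4.5", "10.10.4.5"))
    # Setup reported as working: eth0 is 10.10.4.6, DNAT rewrites to .5.
    print(route("10.10.4.6", "10.10.4.6", dnat={"10.10.4.6": "10.10.4.5"}))
```

No host route in the main table changes the first result, because the lookup stops at the local table; the duplicate has to appear under a different address, which is what the static translation in the accepted solution provides.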