bku09
Posts: 4
Registered: ‎05-31-2011

E4200 NAT Issue

so i got my e4200 today, at first the configuration seemed to be straightforward but now i'm stuck with a NAT issue:

the problem: it's not possible to NAT to a different IP other than 192.168.1.X/24 ? (main bridged LAN/WLAN network)

i have two /24 networks behind a server (192.168.1.2), so I set up advanced routing on my e4200 (192.168.1.1):

192.168.2.0/24 via 192.168.1.2 

192.168.3.0/24 via 192.168.1.2

now I want to NAT port XXX directly to 192.168.3.2 which shouldn't be a problem because of the static routes (INTERNET --> E4200 --> SERVER --> VM), but that's not possible via the e4200 webfrontend? ... any ideas?

thanks,

Bernd

binky
Posts: 2,613
Registered: ‎09-07-2006

Re: E4200 NAT Issue

Unfortunately, that won’t be possible.
As I’m sure you’ve already seen on the setup interface of the router, the first three octets are locked and you’re only allowed to put in the last octet of the IP address that you want to forward/NAT the ports to.

bku09
Posts: 4
Registered: ‎05-31-2011

Re: E4200 NAT Issue

i know, but why the heck did they lock the first three octets in the first place? that makes no sense at all ... i know that very few people will actually want to DNAT to a different subnet via a local gateway, but anyway ... i also had no luck with the nat webfrontend POST request, because it only sends the last octet, so no chance to manipulate a post request there ...

that would be a minor change, so please ... but i'm afraid nobody from the development team will notice my post here :-) so it looks like my only option is to install ddwrt / tomatousb in the near future, right ?

Bernd

Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: E4200 NAT Issue

It's not possible for two reasons:

1. You cannot configure port forwarding to an IP address outside the directly connected LAN. (You know that already...)

2. You cannot configure NAT to translate source IP addresses other than the directly connected LAN subnet, i.e. your other IP subnets don't have internet access anyway, thus forwarding packets from the internet there would be a one-way street...

These routers are not designed to be used with other routed LAN subnets if the router is the NAT gateway...
bku09
Posts: 4
Registered: ‎05-31-2011

Re: E4200 NAT Issue

>> 1. You cannot configure port forwarding to an IP address outside the directly connected LAN. (You know that already...)

i know, but it should be possible if there is a static route in place ... ddwrt & tomato and even older linksys firmwares worked fine with that before.


>> 2. You cannot configure NAT to translate source IP addresses other than the directly connected LAN subnet, i.e. your other IP subnets don't have internet access anyway, thus forwarding packets from the internet there would be a one-way street...

not entirely true, if i run an apache in this subnet the DNAT would work because of the connection tracking on the e4200 ... and with outgoing connections from a different network: just SNAT the whole 192.168.0.0/16 on the e4200 or let the customer decide what to masquerade via webfrontend ...

again, i know that the normal customer doesn't need this kind of functionality but is having multiple subnets at home really that uncommon ?

Expert
Posts: 12,649
Registered: ‎07-16-2006

Re: E4200 NAT Issue

Right. With DNAT the server response would get back and be translated when going into the internet...

They don't SNAT the whole 192.168.0.0/16. They only do the LAN subnet.

I think for an average consumer home network multiple subnets is uncommon or at least not wanted. I think almost everybody in this forum who sets up a second router (because they wanted to extend the wireless coverage) eventually prefers the LAN-LAN setup (i.e. everything is only a single subnet, LAN, broadcast domain) to the WAN-LAN setup (when standard LAN discovery won't work anymore).

Linksys always had very strict policies regarding the features available through the web interface. They prefer to be strict and limited and only allow very few functions. For instance, you can't configure wireless routers as wireless bridge or repeater unlike other brands. Only with the latest E4200 firmware they added a bridge mode to allow the use of the router as access point (the LAN-LAN setup is more like a trick to get it done).

So, compared to other brands there are quite a lot of things you may find elsewhere but not on a Linksys. That way consumer users cannot make too many mistakes and mess everything up... ;-)
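
Added example, not part of any post in this thread and not Linksys, DD-WRT or Tomato code: a toy Python model of the two points agreed above, that conntrack translates the reply of a DNATed flow back even when the target is in a routed subnet, and that outbound flows from that subnet only work if the SNAT scope covers it. The WAN address, client address and port numbers are constructed, and the static route via 192.168.1.2 is assumed to deliver packets.

```python
import ipaddress

WAN_IP = "203.0.113.10"                      # constructed public address
PORT_FORWARDS = {8080: ("192.168.3.2", 80)}  # constructed ports; target VM from the thread

class NatRouter:
    """Toy model: packets are (src_ip, src_port, dst_ip, dst_port) tuples."""

    def __init__(self, snat_nets):
        self.snat_nets = [ipaddress.ip_network(n) for n in snat_nets]
        self.conntrack = {}  # expected return packet -> its translated form

    def wan_in(self, pkt):
        src, sport, dst, dport = pkt
        if pkt in self.conntrack:            # reply to a masqueraded flow
            return self.conntrack[pkt]
        if dst == WAN_IP and dport in PORT_FORWARDS:
            tip, tport = PORT_FORWARDS[dport]
            # Remember the flow so the server's reply is rewritten back.
            self.conntrack[(tip, tport, src, sport)] = (WAN_IP, dport, src, sport)
            return (src, sport, tip, tport)  # routed on via 192.168.1.2
        return None                          # no forward, no state: dropped

    def lan_out(self, pkt):
        src, sport, dst, dport = pkt
        if pkt in self.conntrack:            # reply of a DNATed flow
            return self.conntrack[pkt]
        if any(ipaddress.ip_address(src) in n for n in self.snat_nets):
            self.conntrack[(dst, dport, WAN_IP, sport)] = (dst, dport, src, sport)
            return (WAN_IP, sport, dst, dport)
        return pkt                           # leaves with its private source

def demo(snat_nets):
    r = NatRouter(snat_nets)
    fwd = r.wan_in(("198.51.100.7", 40000, WAN_IP, 8080))
    reply = r.lan_out((fwd[2], fwd[3], fwd[0], fwd[1]))
    out = r.lan_out(("192.168.3.2", 50000, "198.51.100.7", 443))
    return fwd, reply, out

if __name__ == "__main__":
    for nets in (["192.168.1.0/24"], ["192.168.0.0/16"]):
        print(nets, demo(nets))
```

With the SNAT scope limited to 192.168.1.0/24 the inbound flow and its reply are translated, but the VM's own outbound packet keeps its private source address; widening the scope to 192.168.0.0/16 masquerades it as well.
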
bku09
Posts: 4
Registered: ‎05-31-2011

Re: E4200 NAT Issue

>> So, compared to other brands there are quite a lot of things you may find elsewhere but not on a Linksys. That way consumer users cannot make too many mistakes and mess everything up... ;-)

and i thought the software which comes with the cd is for the normal consumer and that the webfrontend is a little bit more on the geeky side :-) anyway, i don't want to double DNAT (sip is getting really upset when double natting :-) and i also don't want to bridge my vm's on the local network ... so, tomatousb or ddwrt it is ...

thanks anyway!