05-31-2011 06:19 AM
so i got my e4200 today, at first the configuration seemed to be straight forward but now i'm stuck with a NAT issue:
the problem: it's not possible to NAT to a different IP other than 192.168.1.X/24 ? (main bridged LAN/WLAN network)
i have two /24 networks behind a server (192.168.1.2), so I setup advanced routing on my e4200 (192.168.1.1) :
192.168.2.0/24 via 192.168.1.2
192.168.3.0/24 via 192.168.1.2
now I want to NAT port XXX directly to 192.168.3.2 which shouldn't be problem because of the static routes (INTERNET --> E4200 --> SERVER --> VM), but that's not possible via the e4200 webfrontend? ... any ideas?
06-01-2011 10:28 AM
Unfortunately, that won’t be possible.
As I’m sure you’ve already seen on the setup interface of the router, the first three octets are locked and you’re only allowed to put in the last octet of the IP address that you want to forward/NAT the ports to.
06-22-2011 11:16 AM
i know, but why the heck did they lock the first three octets in the first place? that makes no sense at all ... i know that very few people will actually want to DNAT to a different subnet via a local gateway, but anyway ... i also had no luck with the nat webfrontend POST request, because it only sends the last ocetet, so no chance to manipulate a post request there ...
that would be a minor change, so please ... but i'm afraid nobody from the development team will notice my post here :-) so it looks like my only option is to install ddwrt / tomatousb in the near future, right ?
06-22-2011 11:40 AM
06-22-2011 12:34 PM
>> 1. You cannot configure port forwarding to an IP address outside the directly connected LAN. (You know that already...)
i know, but it should be possible if there is a static route in place ... ddwrt & tomato and even older linksys firmwares worked fine with that before.
>> 2. You cannot configure NAT to translate source IP addresses other than the directly connected LAN subnet, i.e. your other IP subnets don't have internet access anyway, thus forwarding packets from the internet there would be a one-way street...
not entirely true, if i run an apache in this subnet the DNAT would work because of the connection tracking on the e4200 ... and with outgoing connections from a different network: just SNAT the whole 192.168.0.0/16 on the e4200 or let the customer decide what to masquerade via webfrontend ...
again, i know that the normal customor don't need this kind of functionality but is having multiple subnets at home really that uncommon ?
06-22-2011 12:51 PM
06-22-2011 01:03 PM - edited 06-22-2011 01:08 PM
>> So, compared to other brands there are quite a lot of things you may find elsewhere but not on a Linksys. That way consumer users cannot make too many mistakes and mess everything up... ;-)
and i thought the software which comes with the cd is for the normal consumer and that the webfrontend is a little bit more on the geeky side :-) anyway, i don't want to double DNAT (sip is getting really upset when double natting :-) and i also don't want to bridge my vm's on the local network ... so, tomatousb or ddwrt it is ...