| View previous topic :: View next topic |
| Author |
Message |
guymartin
n00b
Joined: 27 Sep 2002
Posts: 7
|
 Posted: Wed Nov 26, 2003 10:29 am Post subject: Access to Gentoo behind ISP (BT) supplied NAT router |
 |
|
I have a NAT router that my ISP (BT Openworld) supplied, that I am unable to change the configuration of (no manual and contract prohibits).
On my internal network, I have a Gentoo box, that is my DynDNS/DHCP server, along with Mail, and internal web, and various other services. I want to be able to get to the Gentoo box from the outside world.
There's plenty of advice on the forums available on NAT, port-forwarding and routers, but they are invariably talking about a Gentoo box as the NAT router.
Is this possible, or do I need to be able to change the NAT router config?
Thanks in advance |
|
| Back to top |
|
 |
laffer
n00b
Joined: 08 May 2003
Posts: 33
Location: Kalamazoo, MI
|
| Posted: Wed Nov 26, 2003 10:46 am Post subject: |
|
|
The one problem you have is that the ISP is in control of your router.
Keep in mind that the external interface of your router is publicly accessible, but the internal interface, which is the separator, can only (most likely) be reached via your internal network for outbound traffic. In this case, I'm assuming that inbound traffic must have been initiated from your internal network and it allows it back as part of the TCP stream. NAT can be accomplished, however, it would need to be done at the network edge by allowing traffic destined for your external IP to be port forwarded or NAT'ed internally to specific destinations as defined by the NAT rule.
Mike |
|
| Back to top |
|
|
guymartin
n00b
Joined: 27 Sep 2002
Posts: 7
|
| Posted: Wed Nov 26, 2003 11:15 am Post subject: |
|
|
| So the bottom line is that I can't do what I want unless I have access to the config of my router? An incoming packet with no destination other than the router's IP address won't know where to go, is that it? I would need to be able to tell the router to send traffic that arrives on port 80 for example, to a particular internal IP address - is that correct? |
|
| Back to top |
|
|
laffer
n00b
Joined: 08 May 2003
Posts: 33
Location: Kalamazoo, MI
|
| Posted: Wed Nov 26, 2003 11:49 am Post subject: |
|
|
You are correct. Any incoming packet that would be destined to your external interface, but does not know where to go would be dropped. The router would need a single or multiple NAT or PAT rules defined to forward the packet to the appropriate internal, non-routeable, destination address.
Is your ISP supplied router required? Do they give you multiple IP addresses? I'm curious because smoothwall.org is a linux-based firewall developed in the UK that has extensive support for USB xDSL cards and all of the features you'd need. Thanks!
Mike |
|
| Back to top |
|
|
guymartin
n00b
Joined: 27 Sep 2002
Posts: 7
|
| Posted: Wed Nov 26, 2003 12:05 pm Post subject: |
|
|
| Unfortunately it is required currently. Not sure if I can change it for some other device - I'll have to find out. |
|
| Back to top |
|
|
|
Networking & Security
