Gentoo Forums
Access to Gentoo behind ISP (BT) supplied NAT router
guymartin
n00b


Joined: 27 Sep 2002
Posts: 7

Posted: Wed Nov 26, 2003 10:29 am    Post subject: Access to Gentoo behind ISP (BT) supplied NAT router

I have a NAT router that my ISP (BT Openworld) supplied, that I am unable to change the configuration of (no manual and contract prohibits).

On my internal network, I have a Gentoo box, that is my DynDNS/DHCP server, along with Mail, and internal web, and various other services. I want to be able to get to the Gentoo box from the outside world.

There's plenty of advice on the forums available on NAT, port-forwarding and routers, but they are invariably talking about a Gentoo box as the NAT router.

Is this possible, or do I need to be able to change the NAT router config?

Thanks in advance
laffer
n00b


Joined: 08 May 2003
Posts: 33
Location: Kalamazoo, MI

Posted: Wed Nov 26, 2003 10:46 am    Post subject:

The one problem you have is that the ISP is in control of your router.

Keep in mind that the external interface of your router is publicly accessible, but the internal interface, which is the separator, can only (most likely) be reached via your internal network for outbound traffic. In this case, I'm assuming that inbound traffic must have been initiated from your internal network and it allows it back as part of the TCP stream. NAT can be accomplished; however, it would need to be done at the network edge by allowing traffic destined for your external IP to be port forwarded or NAT'ed internally to specific destinations as defined by the NAT rule.

Mike
guymartin
n00b


Joined: 27 Sep 2002
Posts: 7

Posted: Wed Nov 26, 2003 11:15 am    Post subject:

So the bottom line is that I can't do what I want unless I have access to the config of my router? An incoming packet with no destination other than the router's IP address won't know where to go, is that it? I would need to be able to tell the router to send traffic that arrives on port 80 for example, to a particular internal IP address - is that correct?
laffer
n00b


Joined: 08 May 2003
Posts: 33
Location: Kalamazoo, MI

Posted: Wed Nov 26, 2003 11:49 am    Post subject:

You are correct. Any incoming packet that would be destined to your external interface, but does not know where to go would be dropped. The router would need a single or multiple NAT or PAT rules defined to forward the packet to the appropriate internal, non-routable, destination address.

Is your ISP-supplied router required? Do they give you multiple IP addresses? I'm curious because smoothwall.org is a Linux-based firewall developed in the UK that has extensive support for USB xDSL cards and all of the features you'd need. Thanks!

Mike
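
The behaviour described in the answer above, as an added example that is not part of the original thread: a toy Python model of a NAT/PAT router that lets replies to internally initiated connections back in, drops unsolicited inbound packets, and delivers them only once a port-forward rule names an internal destination. The `NatRouter` class and all addresses and ports are constructed for illustration.

```python
# Toy model of a NAT/PAT router (all addresses and ports are constructed examples).
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    external_ip: str
    # Static port-forward rules: external port -> (internal ip, internal port)
    forwards: dict = field(default_factory=dict)
    # Dynamic state created by outbound traffic:
    # (external port, remote ip, remote port) -> (internal ip, internal port)
    sessions: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Internal host opens a connection; the router rewrites the source and remembers it."""
        ext_port = self.next_port
        self.next_port += 1
        self.sessions[(ext_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.external_ip, ext_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives on the external interface; return the internal target, or None if dropped."""
        # 1. Reply belonging to a connection that was started from inside.
        key = (dst_port, src_ip, src_port)
        if key in self.sessions:
            return self.sessions[key]
        # 2. Unsolicited packet: delivered only if a forwarding rule names a destination.
        return self.forwards.get(dst_port)


def demo():
    router = NatRouter(external_ip="203.0.113.10")
    results = {}
    # The internal server (192.168.1.2) fetches a page; the reply is allowed back in.
    _, ext_port, _, _ = router.outbound("192.168.1.2", 51000, "198.51.100.7", 80)
    results["reply"] = router.inbound("198.51.100.7", 80, ext_port)
    # An outside client connects to the router's port 80 with no rule defined: dropped.
    results["unsolicited"] = router.inbound("198.51.100.99", 33000, 80)
    # Once a port-forward rule exists on the router, the same packet is delivered.
    router.forwards[80] = ("192.168.1.2", 80)
    results["forwarded"] = router.inbound("198.51.100.99", 33000, 80)
    return results


if __name__ == "__main__":
    for name, target in demo().items():
        print(f"{name:12s} -> {target or 'dropped'}")
```
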
guymartin
n00b


Joined: 27 Sep 2002
Posts: 7

Posted: Wed Nov 26, 2003 12:05 pm    Post subject:

Unfortunately it is required currently. Not sure if I can change it for some other device - I'll have to find out.