switch mode, how to give a public IP behing a NAT
Guus Sliepen
guus at tinc-vpn.org
Thu Mar 22 12:29:44 CET 2012
On Wed, Mar 21, 2012 at 08:48:21PM +0100, Cédric Lemarchand wrote:
> Today i am trying to make an ethernet bridge beetween 2 sites for video
> conference needs, the raison is that 1 side is behind nat, and i dont
> have access on the gate, other side is on public range. Because off H323
> that doesn't handle unconfigured NAT, i would like to give a public IP
> to the video device.
Sounds reasonable.
> Video (V1) <==> Node 1 (N1) <=GATE / NAT=> WWW <=GATE / PUB=> Node 2 (N2)
>
> V1 has fixed public IP in the range of N2, and the ip of GATE has
> default gateway.
Hm, but if you want any host on the internet to be able to reach V1, the
default gateway for V1 should be N2, not GATE.
> N1 has eth0 on the lan, br0 is a bridge of eth1 (where i want to plug
> the video device) and the tinc interface.
> N2 has is public IP on br0, which is a bridge of eth0 and the tinc
> interface.
[...]
> When i try to ping GATE from V1, i can see arp request crossing the VPN
> (on both br0 interfaces), packet capture on GATE show the arp reply, but
> this arp reply never come back on the bridge br0 of N2. (N2 is using
> GATE has default gateway too)
I think that is normal. The ARP request is a broadcast packet, so you should
see that on all the interfaces. But the ARP reply is a unicast packet, so it is
only sent to V1. The bridge on N1 should therefore not forward it to the VPN
interface, so N2 will never see this ARP reply.
But you seem to be implying that you cannot ping GATE from V1. It would help if
you could show is the routing tables on V1, N1 and N2, and which IP addresses
V1 and GATE have.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20120322/c21e4c19/attachment.pgp>
More information about the tinc
mailing list