 From:  Eric Collins <eric at tawifi dot com>
 To:  Monowall List <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Nat behind a NAT a bad idea?
 Date:  Fri, 06 Aug 2004 13:34:29 -0700
Just m0n0wall, or sometimes you can just reset the state. It's only
occasionally that it happens with FTP (or at least from what I have seen). I
may go 2 weeks without it happening, other times maybe 2 days (I think it
is server dependent), and we do lots of FTP transfers in our offices.

-Eric

At 12:37 PM 8/6/2004 -0700, Joe Lagreca wrote:

>You say reboot.  Do you mean the local machine, the m0n0wall or the router?
>
>I think this is the way I will go.  I was just a little afraid because
>of a story I heard.  Thanks for the info.
>
>Joe
>
>
>On Fri, 06 Aug 2004 12:04:55 -0700, Eric Collins <eric at tawifi dot com> wrote:
> > NAT behind NAT works pretty good for us in most cases, one thing I have
> > noticed is that FTP states get a little weird sometimes, nothing a quick
> > reboot won't fix.
> >
> > -Eric
> >
> >
> >
> > At 11:53 AM 8/6/2004 -0700, Joe Lagreca wrote:
> >
> > >If I set each router to pass IPSEC traffic, will that solve the problem?
> > >
> > >I don't see this being a big problem, as most users will probably not
> > >use an IPSEC VPN.  However I'm not positive they won't use it, and
> > >would like to have everything set up so they can do pretty much
> > >anything without a hitch.
> > >
> > >Thanks.
> > >
> > >Joe
> > >
> > >
> > >On Fri, 06 Aug 2004 14:14:23 -0400, Melvin Backus <mbackus at bellsouth dot net>
> > >wrote:
> > > >
> > > >
> > > > Joe Lagreca wrote:
> > > >
> > > > >I have a /29 network with 5 useable external IP addresses.  I want to
> > > > >share my connection with others.  However I expect more than 5 other
> > > > >people wanting to share my connection, so I will need some sort of NAT
> > > > >incorporated into my design.  I am using m0n0wall as my main gateway,
> > > > >and off the shelf wireless routers at each users location.
> > > > >
> > > > >While laying out my network, I repeatedly ended up with a NAT behind a
> > > > >NAT design.  I wasn't sure if that was an acceptable or poor design.
> > > > >I've read of others doing this (that doesn't necessarily make it
> > > > >correct) and was wondering what others thought about it.
> > > > >
> > > > >If I do use it in my design, what sort of problems should I expect and
> > > > >how can I overcome them?
> > > > >
> > > > >Joe
> > > > >
> > > > >
> > > > It will certainly work, but one of the problems you can expect would be
> > > > issues with IPSec connections.  They don't work well with NAT unless
> > > > there are modules in place to allow them to pass through.  That's sort
> > > > of a kludge which has been accepted and works OK, but when you end up
> > > > with more than 1 level it doesn't work anymore.  That isn't normally
> > > > much of a problem unless you wind up with someone who's trying to
> > > > connect to a VPN which happens to use IPSec.
> > > >
> > > > Melvin
> > > >
> > > > ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > > > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > > >
> > > >
> > >
> >
> >
> >
>