Greetings,
On Fri, 19 Apr 2013, Marius Petrescu wrote:
> Hi,
> IPIP cannot traverse NAT because first of all it uses proto 4 (encap) and
> not TCP or UDP, so conntrack, which manages NAT traversal, does not support
> it.
Actually, IPIP encap (Proto-4) passes through NAT just fine. But *not*
in the typical sense. If you define your JNOS box (or the IP address on
the Linux box that is running JNOS) as the "DMZ Host", many off-the-shelf
cheapie routers WILL pass *ALL* traffic arriving at the PUBLIC side of
your NAT router directly to the JNOS box, including IPIP Proto-4.
WARNING: DO NOT try to "port forward" any TCP or UDP ports to the DMZ
host address. This breaks DMZ and you *will* have problems!
Be aware that OLDER Dlink and LinkSys boxes work best. But as these
manufacturers added new whiz-bang features to support things like
Plug-n-Play and other features, they ran out of ROM or RAM space, and
dropped support for IPIP to pass through unencumbered through NAT. So
YMMV.
It is still *best* to toss those cheapie Dlink or LinkSys routers in
favor of a more 'professional' router/firewall based on Linux or FreeBSD
such as "pfSense".
Enjoy!
--- Jay Nugent WB8TKL
o Chair, ARRL Michigan Section "Digital Radio Group" (DRG)
[www.MI-DRG.org]
() ascii ribbon campaign in
/\ support of plain text e-mail
Averaging at least 3 days of MTBWTF!?!?!?
The solution for long term Internet growth is IPv6.
+------------------------------------------------------------------------+
| Jay Nugent jjn(a)nuge.com (734)484-5105 (734)649-0850/Cell |
| Nugent Telecommunications [www.nuge.com] |
| Internet Consulting/Linux SysAdmin/Engineering & Design |
| ISP Monitoring [www.ispmonitor.org] ISP & Modem Performance Monitoring |
+------------------------------------------------------------------------+
05:01:01 up 273 days, 14:22, 2 users, load average: 0.10, 0.12, 0.10
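
Added example, not part of the original message: a small Python parser showing what a port-translating NAT has to work with for a Proto-4 (IPIP) packet compared with a UDP packet. The function names and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import struct

NAMES = {1: "ICMP", 4: "IPIP", 6: "TCP", 17: "UDP"}
IPV4_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def build_ipv4(src, dst, proto, payload):
    """Build a constructed IPv4 packet (checksum left 0; nothing here verifies it)."""
    return struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload

def parse_ipv4(packet):
    """Return protocol number, addresses and payload of one IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack(IPV4_HDR, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    return {"proto": proto, "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)), "payload": packet[ihl:total]}

def nat_view(packet):
    """Show what a port-translating NAT has to key on for this packet."""
    outer = parse_ipv4(packet)
    view = {"proto": NAMES.get(outer["proto"], str(outer["proto"])),
            "outer": (outer["src"], outer["dst"]), "ports": None, "inner": None}
    if outer["proto"] in (6, 17) and len(outer["payload"]) >= 4:
        # TCP and UDP both start with source port, destination port.
        view["ports"] = struct.unpack("!HH", outer["payload"][:4])
    elif outer["proto"] == 4:
        # Protocol 4: the payload is a whole inner IPv4 packet, no ports at this layer.
        inner = parse_ipv4(outer["payload"])
        view["inner"] = (inner["src"], inner["dst"])
    return view

# Constructed samples using documentation-range addresses.
INNER = build_ipv4("192.0.2.1", "192.0.2.2", 1, bytes(8))
IPIP_PKT = build_ipv4("198.51.100.10", "203.0.113.5", 4, INNER)
UDP_PKT = build_ipv4("198.51.100.10", "203.0.113.5", 17,
                     struct.pack("!HHHH", 5000, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("IPIP", IPIP_PKT), ("UDP", UDP_PKT)):
        print(name, nat_view(pkt))
```

For the IPIP packet the "ports" field is empty, so a per-port forward has nothing to match and only a forward-everything rule such as the DMZ host setting delivers it.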