Greetings,
On Fri, 19 Apr 2013, Marius Petrescu wrote:
Hi,
IPIP cannot traverse NAT because, first of all, it uses proto 4 (encap) and not TCP or UDP, so conntrack, which manages NAT traversal, does not support it.
Actually, IPIP encap (Proto-4) passes through NAT just fine. But *not* in the typical sense. If you define your JNOS box (or the IP address on the Linux box that is running JNOS) as the "DMZ Host", many off-the-shelf cheapie routers WILL pass *ALL* traffic arriving at the PUBLIC side of your NAT router directly to the JNOS box, including IPIP Proto-4.
WARNING: DO NOT try to "port forward" any TCP or UDP ports to the DMZ host address. This breaks DMZ and you *will* have problems!
Be aware that OLDER Dlink and LinkSys boxes work best. But as these manufacturers added new whiz-bang features to support things like Plug-n-Play and other features, they ran out of ROM or RAM space, and dropped support for IPIP to pass through unencumbered through NAT. So YMMV.
It is still *best* to toss those cheapie Dlink or LinkSys routers in favor of a more 'professional' router/firewall based on Linux or FreeBSD such as "PFsense".
Enjoy!

--- Jay Nugent WB8TKL
Chair, ARRL Michigan Section "Digital Radio Group" (DRG) [www.MI-DRG.org]
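The protocol-4 point discussed in this message, as an added example that is not part of the original e-mail: a port-mapping NAT keys its translations on TCP/UDP ports, and the outer header of an IPIP packet carries none, so only a rule that forwards every inbound protocol to one host (the "DMZ host" setting) can deliver it. The packets, addresses (documentation ranges) and function names below are constructed for illustration.

```python
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options


def parse_ipv4(buf):
    """Parse one IPv4 header; return (header fields, payload bytes)."""
    if len(buf) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(IPV4_FMT, buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a valid IPv4 header")
    hdr = {"proto": proto, "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}
    return hdr, buf[ihl:total_len]


def nat_view(pkt):
    """Describe what a port-mapping NAT can key on for this packet."""
    outer, payload = parse_ipv4(pkt)
    view = {"outer": outer, "ports": None, "inner": None}
    if outer["proto"] in (6, 17):            # TCP/UDP: ports right after the IP header
        if len(payload) < 4:
            raise ValueError("truncated transport header")
        view["ports"] = struct.unpack("!HH", payload[:4])
    elif outer["proto"] == 4:                # IPIP: payload is another IPv4 packet
        view["inner"], _ = parse_ipv4(payload)
    return view


def build_ipv4(src, dst, proto, payload):
    """Build a constructed sample packet (checksum left at 0, not validated here)."""
    return struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload


# Constructed samples: a plain UDP packet, then the same packet carried inside IPIP.
UDP_HDR = struct.pack("!HHHH", 5000, 53, 8, 0)
UDP_SAMPLE = build_ipv4("203.0.113.1", "203.0.113.2", 17, UDP_HDR)
IPIP_SAMPLE = build_ipv4("192.0.2.10", "198.51.100.20", 4, UDP_SAMPLE)

if __name__ == "__main__":
    for name, pkt in (("UDP", UDP_SAMPLE), ("IPIP", IPIP_SAMPLE)):
        v = nat_view(pkt)
        print(name, "proto", v["outer"]["proto"], "ports", v["ports"], "inner", v["inner"])
```
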