Skip to main content
Unix & Linux

Return to Answer

deleted 48 characters in body
Source Link
Rui F Ribeiro
Rui F Ribeiro
  • 58k
  • 28
  • 156
  • 237

The problem lies in getting a response from the client LAN I think, and so yes you need to use NAT to the client-LAN as well.

Let me explain:

Nodes on your LAN have your gateway as their default gateway.

Thus any traffic from them, be it to the client network (10.0.0.0/8) or the wider world (0.0.0.0/8) goes to it.

Traffic to the wider world is then NAT'd onto the Internet.

Traffic to the client's LAN is forwarded as is (I'm assuming here forwarding is working which the NAT working indicates it is).

So a packet from a node on your internal LAN, let us say it's IP is 192.168.1.200 goes to your gateway and is forward to the client LAN. However it's source address is still 192.168.1.200.

The client machine receives this and tried to reply, to 192.168.1.200.

Unless the client LAN machines have routes set for 192.168.1.0/24, or their default gateway is able to forward the packets to your gateway, they will not be able to route.

With NAT enabled then at the gateway the source address 192.168.1.200 is NAT'd to your client LAN gateway address, which client LAN nodes can respond to, where it will be re-addressed by your gateway and returned.

I hope that's clear enough and helps your issue.

The problem lies in getting a response from the client LAN I think, and so yes you need to use NAT to the client-LAN as well.

Let me explain:

Nodes on your LAN have your gateway as their default gateway.

Thus any traffic from them, be it to the client network (10.0.0.0/8) or the wider world (0.0.0.0/8) goes to it.

Traffic to the wider world is then NAT'd onto the Internet.

Traffic to the client's LAN is forwarded as is (I'm assuming here forwarding is working which the NAT working indicates it is).

So a packet from a node on your internal LAN, let us say it's IP is 192.168.1.200 goes to your gateway and is forward to the client LAN. However it's source address is still 192.168.1.200.

The client machine receives this and tried to reply, to 192.168.1.200.

Unless the client LAN machines have routes set for 192.168.1.0/24, or their default gateway is able to forward the packets to your gateway, they will not be able to route.

With NAT enabled then at the gateway the source address 192.168.1.200 is NAT'd to your client LAN gateway address, which client LAN nodes can respond to, where it will be re-addressed by your gateway and returned.

I hope that's clear enough and helps your issue.

The problem lies in getting a response from the client LAN I think, and so yes you need to use NAT to the client-LAN as well.

Let me explain:

Nodes on your LAN have your gateway as their default gateway.

Thus any traffic from them, be it to the client network (10.0.0.0/8) or the wider world (0.0.0.0/8) goes to it.

Traffic to the wider world is then NAT'd onto the Internet.

Traffic to the client's LAN is forwarded as is (I'm assuming here forwarding is working which the NAT working indicates it is).

So a packet from a node on your internal LAN, let us say it's IP is 192.168.1.200 goes to your gateway and is forward to the client LAN. However it's source address is still 192.168.1.200.

The client machine receives this and tried to reply, to 192.168.1.200.

Unless the client LAN machines have routes set for 192.168.1.0/24, or their default gateway is able to forward the packets to your gateway, they will not be able to route.

With NAT enabled then at the gateway the source address 192.168.1.200 is NAT'd to your client LAN gateway address, which client LAN nodes can respond to, where it will be re-addressed by your gateway and returned.

Source Link
Dave C
Dave C
  • 1.4k
  • 10
  • 15

The problem lies in getting a response from the client LAN I think, and so yes you need to use NAT to the client-LAN as well.

Let me explain:

Nodes on your LAN have your gateway as their default gateway.

Thus any traffic from them, be it to the client network (10.0.0.0/8) or the wider world (0.0.0.0/8) goes to it.

Traffic to the wider world is then NAT'd onto the Internet.

Traffic to the client's LAN is forwarded as is (I'm assuming here forwarding is working which the NAT working indicates it is).

So a packet from a node on your internal LAN, let us say it's IP is 192.168.1.200 goes to your gateway and is forward to the client LAN. However it's source address is still 192.168.1.200.

The client machine receives this and tried to reply, to 192.168.1.200.

Unless the client LAN machines have routes set for 192.168.1.0/24, or their default gateway is able to forward the packets to your gateway, they will not be able to route.

With NAT enabled then at the gateway the source address 192.168.1.200 is NAT'd to your client LAN gateway address, which client LAN nodes can respond to, where it will be re-addressed by your gateway and returned.

I hope that's clear enough and helps your issue.