NAT for machine on a different subnet

[BarryStiefel]

NAT for machine on a different subnet

Contributed by BenSmith
Published in geeklog Tuesday, June 24 2003 @ 01:27 PM EST
Published in oldfaq 2002-Nov-11 00:31 dwelchATphoneboyDOTcom



Consider the following network:

| L| o| c| a| --------- -------- ---- l| 126.0.10.98 | Fire | 206.99.98.1 | | |CSU | MCI |-------------| |-----------------| Router |----| |----------- N| | Wall | | | |DSU | e| |_________| |________| |____| t| | | | 126 | 126.0.10.50 . | -------- | 126 0 |------|Web serv| | . . | -------- | 0 10 | | . . | 126.0.10.254 ------- 126.0.50.254 | 50 0 |-------------------|Router |--------------| . | ------- | 0 | | | ----- | ----- |------|Mail | |------| X | | ----- | ----- | | 126.0.50.101 | --- |______| X | | |___|

• Illegal address 126.0.10.50 is being mapped to legal address 206.99.98.2.
• Illegal address 126.0.50.101 is being mapped to legal address 206.99.98.102.

A special route needs to be added for each destination static addresses. A route can be added for 206.99.98.2:


route add 206.99.98.2 126.0.10.50 1

...but not for 206.99.98.102...

route add 206.99.98.102 126.0.50.101 3

The following error is given:

add host 206.99.98.102: gateway 126.0.50.101: Network is unreachable

This is because you can only add a route with a gateway which can be reached immediately by the current machine. Some people like to refer to it as the next-hop gateway. In you case, the next-hop gateway from the firewall machine to 126.0.50.101 is the router 126.0.10.254 Therefore, you will have to use the route command:

route add 206.99.98.102 126.0.10.254 1

-- RayLodato - 07 Jan 2004

FAQForm FAQs.Class: NetworkAddressTranslationFAQs FAQs.OS: FAQs.Version: