| Home | Forums | Reviews | Guides | Newsgroups | Register | Search |
 |
| Thread Tools |
|
Guest
Posts: n/a
|
Hi!
My old 3640 router (192.168.254.1/24) just died. RIP. I put in its place a 1600 (12.0 ios) wich does not work as ntp server. As all my computers connect to it to set their time and date, and since I have a second ntp server (192.168.254.13), i thought to do double-nat (source and destination) on ntp port.. Of course, I only have one ethernet interface, and only one net (192.168.254.0/24). 254.0/24 --> 254.1:ntp ==> 254.1 --> 254.13:ntp and back.. Here is the configuration I made : interface Loopback0 ip address 192.168.253.1 255.255.255.252 ip nat inside ! interface Ethernet0 ip address 192.168.254.1 255.255.255.0 ip nat outside ip policy route-map Ntp ! ip nat inside source static udp 192.168.254.13 123 192.168.254.1 123 ip nat outside source static udp 192.168.254.1 123 192.168.254.13 123 ! access-list 101 permit udp any eq ntp host 192.168.254.1 eq ntp route-map Ntp permit 10 match ip address 101 set ip next-hop 192.168.253.2 .... but it doesn't work. It just do destination nat, then packets don't return to the correct source, and of course, they are dropped.  Someone could tell me what I've done bad ? thank you  |
|
|
|
|||
|
|
| |
|
Guest
Posts: n/a
|
On 2 Feb, 13:34, Laurent <lpo...@alussinan.org> wrote:
> Hi! > > My old 3640 router (192.168.254.1/24) just died. RIP. > I put in its place a 1600 (12.0 ios) wich does not work as ntp server. > > As all my computers connect to it to set their time and date, and since > I have a second ntp server (192.168.254.13), i thought to do double-nat > (source and destination) on ntp port.. > > Of course, I only have one ethernet interface, and only one net > (192.168.254.0/24). > > 254.0/24 --> 254.1:ntp * ==> 254.1 --> 254.13:ntp * and back.. > > Here is the configuration I made : > > interface Loopback0 > *ip address 192.168.253.1 255.255.255.252 > *ip nat inside > ! > interface Ethernet0 > *ip address 192.168.254.1 255.255.255.0 > *ip nat outside > *ip policy route-map Ntp > ! > ip nat inside source static udp 192.168.254.13 123 192.168.254.1 123 > ip nat outside source static udp 192.168.254.1 123 192.168.254.13 123 > ! > access-list 101 permit udp any eq ntp host 192.168.254.1 eq ntp > route-map Ntp permit 10 > *match ip address 101 > *set ip next-hop 192.168.253.2 > > ... but it doesn't work. It just do destination nat, then packets don't > return to the correct source, and of course, they are dropped. > > Someone could tell me what I've done bad ? > > thank you Maybe you should be using ip nat inside destination instead of outside source? I have never understood the difference between outside source and inside dest. But then I think I have only done double nat on cisco once. Annoyingly it was my first ever NAT job and it hurt my head a lot - I still remember it after about twelve years though |
|
|
|
|
|||
|
|
| |
|
Guest
Posts: n/a
|
On 3 Feb, 05:49, bod43 <Bo...@hotmail.co.uk> wrote:
> On 2 Feb, 13:34, Laurent <lpo...@alussinan.org> wrote: > > > > > Hi! > > > My old 3640 router (192.168.254.1/24) just died. RIP. > > I put in its place a 1600 (12.0 ios) wich does not work as ntp server. > > > As all my computers connect to it to set their time and date, and since > > I have a second ntp server (192.168.254.13), i thought to do double-nat > > (source and destination) on ntp port.. > > > Of course, I only have one ethernet interface, and only one net > > (192.168.254.0/24). > > > 254.0/24 --> 254.1:ntp * ==> 254.1 --> 254.13:ntp * and back.. > > > Here is the configuration I made : > > > interface Loopback0 > > *ip address 192.168.253.1 255.255.255.252 > > *ip nat inside > > ! > > interface Ethernet0 > > *ip address 192.168.254.1 255.255.255.0 > > *ip nat outside > > *ip policy route-map Ntp > > ! > > ip nat inside source static udp 192.168.254.13 123 192.168.254.1 123 > > ip nat outside source static udp 192.168.254.1 123 192.168.254.13 123 > > ! > > access-list 101 permit udp any eq ntp host 192.168.254.1 eq ntp > > route-map Ntp permit 10 > > *match ip address 101 > > *set ip next-hop 192.168.253.2 > > > ... but it doesn't work. It just do destination nat, then packets don't > > return to the correct source, and of course, they are dropped. > > > Someone could tell me what I've done bad ? > > > thank you > > Maybe you should be using ip nat inside destination > instead of outside source? > > I have never understood the difference between outside > source and inside dest. But then I think I have only > done double nat on cisco once. Annoyingly it was my > first ever NAT job and it hurt my head a lot - I still > remember it after about twelve years though I have read your post more thoroughly now and see that you are doing router on a stick. This will all be very problematic. You need to make sure that you don't get ICMP redirects otherwise the router will get bypassed. I guess you already checked that the source port for ntp is 123? Seems not unreasonable I suppose. that you are |
|
|
|
|
|||
|
|
| |
|
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| what kind of client do i need ?? | Hernán Castelo | Wireless Networking | 3 | 05-11-2005 06:29 AM |
| Router problems of a different kind | =?Utf-8?B?c2hhZG8yODI=?= | Wireless Networking | 1 | 01-31-2005 11:39 PM |
| Synthesizable (kind of) dual-edge FF | Nicolas Matringe | VHDL | 1 | 10-12-2004 07:40 PM |
| Kind of hard, really | Charles | Firefox | 12 | 08-12-2004 04:05 PM |
| What kind of problems is Perl best at solving? | nb | Perl | 0 | 12-29-2003 06:34 PM |
