What's new

double NAT and static route not working

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

eliotte

Occasional Visitor
Hi,

I have a strange probleme.

Here my setup:

1xRT-AC68U 376.48_1 as main router
2xRT-AC66U 3.0.0.4.374.38_1 as AP and an other doing double NAT

So I have something like:


reseau.png


My main subnet is 192.168.1.1/24 and I have double NAT at 192.168.2.1/24

So nothing complicated.

On my main subnet, I have a server running some VMs. One of them do an VPN and connect to a subnet like 60.5.1.1/24 (routable address, not 10.x.x.x OR 192.168.x.x). This VM's ip is 192.168.1.20. I created a static route like:
ip route add net 60.5.1.1/24 via 192.148.1.20 ... and it works. When I traceroute, for exemple 60.5.1.1, I get:
->192.168.1.1
->192.168.1.20
->60.5.1.1

So everything is perrfect! and if I try to reach a webservice, it works also.

But here the probleme. When I'm in my Double NAT (192.168.2.1), I can ping any ip of 60.5.1.1/24. If I traceroute, I have almost the same as above plus the router ip in top so:
->192.168.2.1
->192.168.1.1
->192.168.1.20
->60.5.1.1

BUT, and this is why I'm here, If I try to reach a webservice in 60.5.1.1/24, it doesn't work.

Does anyone have an idea why??
 
Last edited:
All routing seems to be ok when I look at your traceroute. Some more questions for you:
-Can the host that your are trying to reach also reach your subnet where you are sitting in? Does that host have a specific route too or does it fall in the default route?
-Do you use a proxyserver?
-What webservices are you trying to reach? Something on port 80/443?
-What do you see when you enter "telnet 60.5.1.x 80" or "telnet 60.5.1.x 443"? where x is the host in that subnet.

Maybe SSL 3.0 is disabled in your browser and the webserver needs it?
 
Last edited:

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top