[PLUG] Comments on double NAT...

Mike Connors mconnors1 at gmail.com
Sun Dec 20 00:59:45 UTC 2009


Michael Robinson wrote:
> It's quite simple, the remote site was using the 192.168.1.0/24 network
> before I was, but I didn't realize this when I initially set up my
> network.  At some point in time, I decided to add a second private
> network in segments booted off of an existing server.  These are the
> 192.168.4.0/28 and 192.168.4.16/28 networks.  There are more segments,
> but they aren't important to the problem at hand.  The only reason
> I talked about those 2 segments is that the first segment provides
> an alternate route to 192.168.1.0/24 that I don't want to use.  I
> want to work everything through the routers on the original part
> of the network.
>
> Even if I were to go all out and try to use DIA to create a less crude
> diagram of my network, I wouldn't be able to post it to this list.
>
> Telling the other end, the Minnesota end, that they have to renumber to
> fit into my private network so that no subnet boundaries have to be 
> crossed is imposing a lot on them.  It generally doesn't work that way.
>
>   
Yes, my initial comments were rude and not helpful. I apologize for that.

But I've designed, implemented, and supported large networks with 
switching, routing, vlans, vpns, firewalls, and wan circuits, and they were 
never as hard to grok as yours.

Maybe it's the diagram. There's a lot of extraneous info in your diagram 
that makes digesting the info difficult. Physical boundaries, individual 
host names and ip addresses aren't all that useful. However, including 
the vpn link with network endpoints would be very useful. Providing 
which devices route traffic for which networks would be useful.

If I were diagramming this network I would do it from the view point of 
the network and not by the host or physical location because the 
interesting info is how traffic goes from 1 network to another network. 
Not where things are physically and what the physical connections are. 
Routing happens between networks, this is what you want to know.

You could always create a better diagram in Dia and send it as a file 
attachment. I don't think file attachments are banned on the PLUG list?

Here's what's not clear to me:
1. I only see 1 router (Netgear) and I don't know what its route table 
looks like.
2. I'm not sure how all the servers see the network. Are they all just 
pointing at the Netgear via a default route?

My other 2 cents:
1. Troubleshooting network problems w. NAT or double NAT can be a real 
pain when trying to keep track of the NAT'd and local ip addr.
2. I'm going to attempt to diagram this network myself so that it makes 
more sense to me.




