Routable tunnels across NAT

Dear Gentle Folk,

I have a need to manage multiple tiks behind NAT, from a central server that is not
behind NAT.

The tiks would be in router mode, port 1 facing the outside world and ports 2, 3, 4 and 5 facing
the tik's private LAN.

The tiks would have random outward-facing IPs given to them by whatever NAT router
they are behind, for example 192.168.1.50; this is not under our control.

However, the clients connected to the inward interfaces would have unique private
IP subnets like 10.16.10.8/28, given to them by the tik's DHCP, uniquely identifying the clients to us and where they are in the
world. The tiks would be in router mode, and NOT NATting the 10.x.x.x to the outward-facing interface at 192.168.1.50.

There would be only one tik behind each NATting router.

The NATting routers, however, may be behind yet other NATting routers at the ISP.

The tik needs to open a tunnel of some kind to the portal server at, say, 64.57.176.23, a routable public static, and leave it open so the portal server can manage the tik's firewall rules.

Traffic generated by the clients on the 10.x.x.x LAN of the tik must be routed to the portal
server if directed to by the firewall, and traffic from the portal server must go to the 10.x.x.x unique IP of the end client user OR the 10.x.x.1 IP of the tik's inner interface itself.

This arrangement works fine using IP-over-IP tunnels when the tiks are NOT behind a NATting
router, like a Linksys or Netgear.

How do I do this when the tik is behind NAT?

In other words, I need the tik to open a tunnel through the NAT to a public address that will route traffic both ways between the public IP and the unique private IPs of the clients on the inner face of the tik, no matter where the tik is in the world.

Thanks in advance,

Homer W. Smith
CEO Lightlink Internet

Have you tried OVPN?

Sent from Android by Tapatalk.

Thanks for the answer.

TIK → NAT → public OVPN/IPSEC server

So, to confirm: OVPN and IPsec can open a tunnel from a MikroTik
through a consumer-grade Linksys/Netgear NAT router to a public OVPN/IPsec server?

Does the NAT router have to have IPsec passthrough set on?

Homer

PPTP can do that, too, if that router is set up to allow GRE forwarding.
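A concrete configuration for the topology the thread converges on (tik → consumer NAT → public OVPN server), added here as an illustration and not taken from any of the posts. It answers the passthrough question for the OVPN case: the tik initiates a plain outbound TCP connection to 64.57.176.23, so the Linksys/Netgear only has to track an ordinary outbound flow and needs no port forward or passthrough setting (the "IPsec passthrough" toggle exists because raw ESP has no ports to translate; IPsec through NAT otherwise relies on NAT-T over UDP 4500, and PPTP relies on the NAT handling GRE, as the last reply notes). Everything not in the thread is assumed: RouterOS 6 CLI syntax, the tunnel subnet 10.255.0.0/24, a portal management network 10.255.1.0/24, the secret name and password, the interface name ether1 as the tik's upstream port, and that the portal end is itself a RouterOS OVPN server (with a Linux OpenVPN server the equivalent of the `routes=` line is a client-config-dir file containing `iroute 10.16.10.0 255.255.255.240`).

```routeros
# --- On each tik (RouterOS 6 syntax, assumed) ---
# Inner LAN from the post: 10.16.10.0/28, tik's inner address 10.16.10.1.
# Outbound OVPN over TCP from behind a consumer NAT: the tik opens the
# connection, so no port forward or passthrough setting is needed upstream.
/interface ovpn-client add name=ovpn-portal connect-to=64.57.176.23 port=1194 \
    user=site-10-16-10-0 password=CHANGE-ME mode=ip \
    add-default-route=no disabled=no

# Reach the portal's management network (assumed 10.255.1.0/24) via the tunnel.
/ip route add dst-address=10.255.1.0/24 gateway=ovpn-portal

# "Routed to the portal if directed by the firewall": mark the client traffic
# the portal should see, and give that mark its own table whose default route
# is the tunnel. The tik's own traffic (including the OVPN session itself)
# is not marked, so it keeps using the normal default route and cannot loop.
/ip firewall mangle add chain=prerouting src-address=10.16.10.0/28 \
    dst-address=!10.16.10.0/28 action=mark-routing new-routing-mark=to-portal \
    passthrough=no comment="client traffic the portal wants to see"
/ip route add dst-address=0.0.0.0/0 gateway=ovpn-portal routing-mark=to-portal

# Keep the 10.x LAN un-NATed toward the tunnel (the post's requirement):
# masquerade only on the upstream interface, never on out-interface=ovpn-portal.
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

# --- On the portal server, if it runs a RouterOS OVPN server (assumption) ---
/ppp profile add name=ovpn-portal local-address=10.255.0.1 use-encryption=yes
/interface ovpn-server server set enabled=yes port=1194 mode=ip \
    certificate=portal-cert require-client-certificate=no \
    default-profile=ovpn-portal auth=sha1 cipher=aes256

# One secret per tik. remote-address is that tik's tunnel IP; "routes" installs
# the return route to its unique /28 for as long as it is connected, so the
# portal can reach both 10.16.10.1 (the tik) and the clients behind it,
# regardless of which NAT addresses sit in between.
/ppp secret add name=site-10-16-10-0 password=CHANGE-ME service=ovpn \
    profile=ovpn-portal remote-address=10.255.0.2 \
    routes="10.16.10.0/28 10.255.0.2 1"
```

Check it from the portal with `/ip route print where dst-address=10.16.10.0/28` after the client connects, then `/ping 10.16.10.1`; from the tik, `/interface ovpn-client monitor ovpn-portal` shows whether the session is up. Use a unique secret (and ideally a client certificate, with `require-client-certificate=yes`) per tik so that one compromised site cannot announce another site's /28 through its own session.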