ip address 192.168.1.1 is my modem ip that have access to internet and the 192.168.100.* addresses are my local network(my client ip address is 192.168.100.200)
when i set a nat rule as following i have access to internet :
When setting to-addresses on src-nat, it has to be one of router’s own addresses being directly reachable by upstream hop (in your case that’s modem). Directly as you most probably didn’t change any routing on modem.
There’s an exception to previous paragraph: you can play with arp and proxy-arp settings to “hijack” some additional WAN IP addresses … if you think you absolutely need it … I don’t think it’ll do any difference in your case as modem does the NAT again and all packets from your router can have single source address, even if you used more than one src-address on your router they’ll probably get translated into single WAN address regardless.
no…
both of these ip’s are in the same network (192.168.1.0/24) and have to see each other..if i even set 192.168.1.100 or any other ip in 192.168.1.0 range it must work.isn’t it?
They are on the same network, but modem doesn’t try to deliver both to your router … modem asks for destination MAC via ARP request and without playing with arp settings I mentioned in (edited) comment above, router won’t answer.
So how can i fix this problem?
Because i am seeing a training movie and in that case the teacher set 192.168.1.50 for src-nat To address and it worked perfectly.. I don’t understand what’s my problem
As I wrote: when configuring static src-nat, it’s easiest to use one of router’s own addresses … the one in correct IP subnet. In your case it’s 192.168.1.2 .
Unless you play (dirty) games, you can’t use just any IP address for src-nat you see fit.
Yes i set To address 192.168.1.2 and it worked!
But how to play with Arp Setting?
As i already said in training movie the teacher just set To adress for example 192.168.1.50 and it worked. Without any setting for Arp Settings
I didn’t know what’s the problem exactly yet
No offense, but I’m not going to go into this … Let’s stick to the rule that you can only configure src-nat to-address with address already belonging to router itself.
Probably that router was already configured with 192.168.1.50 on WAN interface. And the teacher forgot to mention this minor detail.
as you mention that was the exact problem …
Static Nat work correctly and replace the 192.168.100.1 with 192.168.1.2 and then modem ARP 192.168.1.2 and the router response with 192.168.1.2 mac address …
but when i change To address with any other ip in network 192.168.1.x it Static Nat correctly work and replace 192.168.100.1 with that ip But when Modem ARP the ip to resolve the mac address it doesn’t receive any response.(I Attached the pictures)
so changing the ARP setting isn’t logical,true ?
as a result My NAT Rule was correct,and in these case :
When setting to-addresses on src-nat, it has to be one of router’s own addresses being directly reachable by upstream hop (in your case that’s modem)
The basic thing about routing, NATing and firewalling is this: traffic has to pass router and possibly in both directions. How to achieve this goal is then up to physical network layout and configuration. The easiest is when networks (e.g. LAN and internet) are connected to different physical interfaces, which in turn are not part of same L2 domain (e.g. bridge) and router has single IP interface in each of those networks. Then all traffic has to pass L3 layer of router.
In case of NAT, the simplest scenario implies use of router’s own IP addresses in the process.
If there’s another way of forcing packets through router, then the above mentioned rule about addresses with NAT doesn’t hold any more. The simplest scenario where the limitation is not true is when ISP routes some IP subnet while using your router as gateway. In this case packet gets delivered to router even if router doesn’t have that IP address set to its own interface.
However, if that stuff about IP subnet being routed is not true, but you still want to use multiple IP addresses (as in your case: there are 251 unused IP addresses in WAN subnet of your router), you either have to set up WAN interface with additional IP addresses (but be careful with routing rules not to screw NAT and connection tracking) or you can play with ARP (add entry to arp table with IP address you want to use and router’s WAN interface MAC address … or something like that, I didn’t try it myself) to make router answer to ARP requests for that IP address. The ARP way is nicer than multi-address way since you can’t screw the routing …).
But, again, I don’t see any benefit in doing it in your case … where modem will perform NAT again to same public address … unless you can use multiple public IP addresses on your modem?
Anyhow, it would be easier to do stuff if modem can be put into bridge mode and whatever ISP WAN stuff is terminated directly on routerboard (PPPoE, DHCP client, …).
