Community discussions

 
keema
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Thu Nov 06, 2014 12:54 pm

NAT Masquerade problem in 6.20.1

Thu Nov 06, 2014 12:59 pm

Hi,

Here is the situation; I have an eoip tunnel from main router to a remote router somewhere else in the building. Over this tunnel I have established a pppoe link. It all works up to a point, where I need to set a NAT masquerade rule for pppoe tunnel. Before 6.20.1 I could do this without a problem, with 6.20.1 it gives me error: --- in/out interface matcher not possible when interface [pppoe-xxx-xxx] is slave - use master instead [eoip-xxx-xxx].

The rule is RED as invalid.

Any clues?
 
User avatar
jacekes
Member Candidate
Member Candidate
Posts: 167
Joined: Tue Aug 30, 2011 9:34 am
Location: Poznan, Poland
Contact:

Re: NAT Masquerade problem in 6.20.1

Thu Nov 06, 2014 3:37 pm

Show the configs of the interfaces on both sides and the NAT rule. A schematic, including IP addressing, would be very helpful. It's difficult to help you, when you don't even say what you want to NAT.
I was certified a long time ago:
MTCNA# 1210NA193 MTCTCE# 1210TCE056 MTCWE# 1211WE010

ONE NETWORK DIAGRAM IS WORTH MORE THAN A THOUSAND WORDS!
 
keema
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Thu Nov 06, 2014 12:54 pm

Re: NAT Masquerade problem in 6.20.1

Thu Nov 06, 2014 4:09 pm

Show the configs of the interfaces on both sides and the NAT rule. A schematic, including IP addressing, would be very helpful. It's difficult to help you, when you don't even say what you want to NAT.
The eoip and pppoe links are working as expected, the problem is only in NAT rule, so you shouldn't need any other config then what I pasted below:
Flags: X - disabled, I - invalid, D - dynamic 
 0    chain=srcnat action=masquerade out-interface=pppoe-adsl log=no 
      log-prefix="" 
Thank you for trying to help.
 
User avatar
jgellis
Member Candidate
Member Candidate
Posts: 138
Joined: Wed May 30, 2007 10:57 am
Location: USA

Re: NAT Masquerade problem in 6.20.1

Sun Dec 28, 2014 2:09 am

I just upgraded and also ran into the same error. Perhaps my resolution will assist you in finding yours.

In my case, I have an EoIP tunnel (running over VPN) from an external MT that was *Bridged* locally to an ethernet port. I was doing NAT and firewall filtering on traffic arriving from or departing to the remote network, so the rules were pointing to an in-interface or out-interface of the EoIP interface directly. After the ROS upgrade I had to change the rules to alleviate the error you have indicated, eliminating the in-interface or out-interface value, and instead using the in-bridge-port or out-bridge-port variable to point to my same EoIP interface. Note, this also requires enabling the use of IP firewall in Bridge settings.
- If I helped you solve your problem... I am now able to accept tax-deductible Karma donations!
 
keema
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 62
Joined: Thu Nov 06, 2014 12:54 pm

Re: NAT Masquerade problem in 6.20.1

Tue Jan 06, 2015 12:35 pm

I just upgraded and also ran into the same error. Perhaps my resolution will assist you in finding yours.

In my case, I have an EoIP tunnel (running over VPN) from an external MT that was *Bridged* locally to an ethernet port. I was doing NAT and firewall filtering on traffic arriving from or departing to the remote network, so the rules were pointing to an in-interface or out-interface of the EoIP interface directly. After the ROS upgrade I had to change the rules to alleviate the error you have indicated, eliminating the in-interface or out-interface value, and instead using the in-bridge-port or out-bridge-port variable to point to my same EoIP interface. Note, this also requires enabling the use of IP firewall in Bridge settings.
Thank you for your answer. in my case a reboot helped...

Who is online

Users browsing this forum: MSN [Bot] and 87 guests