The cerowrt box should be after the ADSL gateway. Use the cerowrt firewall. Bridge the ADSL gateway, or, if the ISP prohibits that, create a DMZ with cerowrt as the item in it.
On 28 Aug 2013, at 09:44, Oliver Niesner <[email protected]> wrote: > > > Hi all, > > I hope someone could help me, it seems that i doesn't get it or misinterpret > something :-/ > > I want to get rid of double NAT in my small network at home, but it seems it > only works, if i use an extra iptables MASQUERADE rule on my pc which does all > the firewalling dhcp etc.. > > My setup: ^ > |internet > | > ------------------------- ------------------------ > | | | firewall pc | > | dsl-router | |dhcp, small | > |(NAT, no CEROwrt! |----------eth0--------|webserver etc. | > |ip, static=192.168.0.199| 192.168.0.1 |---------------|-------- > |------------------------ | > | > eth1, > 192.168.1.1 > | > | > --------------------------------| > | WAN=192.168.1.86 | > WLAN------------| CEROwrt | > --------------------------------- > > > This setup works fine, but only when i do MASQUERADE on eth0, on my firewall > pc! > I thought it must be possible, that only my dsl-router is doing the NAT and > everything else is routed inside the private net! > (the necessary routes are set, every machine could ping each other) > What i'm missing? > > thx, > > Oliver > > > _______________________________________________ > Cerowrt-devel mailing list > [email protected] > https://lists.bufferbloat.net/listinfo/cerowrt-devel _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
