Setup:

    Two networks connected through a NAT. The NAT is set up on PC3 using iptables.

    innerPC1 ->.
                ]-> PC3 (NAT) -> outerPC4
    innerPC2 ->'

Problem:

    "remote host ___ did not accept my identification"

    This happens because NATs work by translating an inner network's IP to the router's (and assigning a port for the inner IP).

    In my setup, the rule at fault was:

        $ iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE

    where "WAN" is the router's interface to the outer network.

Solution:

    Exclusion of csync2 port from Masquerading:

        $ iptables -t nat -A POSTROUTING -o ${WAN} -p TCP --dport csync2 -j RETURN

  ! Important: The previous command needs to be put before the MASQUERADE one.
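
The ordering requirement above can be checked mechanically. The following is an added example, not part of the original post: it reads the output of `iptables -t nat -S POSTROUTING` and reports whether the csync2 exemption is reached before MASQUERADE. The interface name `eth0`, the sample rule sets, and port 30865 (assumed to be what the `csync2` service name resolves to) are assumptions.

```shell
#!/bin/sh
# check_order WAN PORT   (rule listing on stdin, `iptables -S` format)
# Prints: ok        RETURN exemption precedes the first MASQUERADE rule
#         shadowed  exemption exists but MASQUERADE matches first
#         missing   no exemption for tcp/PORT on WAN
# Simplification: only -o, -p, --dport and -j are inspected.
check_order() {
    awk -v wan="$1" -v port="$2" '
        $1 != "-A" { next }                  # skip policy lines (-P ...)
        {
            out = ""; proto = ""; dport = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-o")      out    = $(i + 1)
                if ($i == "-p")      proto  = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            # Rules bound to another interface never see WAN traffic.
            if (out != "" && out != wan) next
            if (target == "MASQUERADE" && !masq) masq = NR
            if (target == "RETURN" && proto == "tcp" && dport == port && !ret)
                ret = NR
        }
        END {
            if (!ret)                    print "missing"
            else if (masq && masq < ret) print "shadowed"
            else                         print "ok"
        }'
}

# Constructed sample: exemption appended (-A) after MASQUERADE already existed.
BAD_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 30865 -j RETURN'

# Constructed sample: exemption first, as the post requires.
GOOD_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 30865 -j RETURN
-A POSTROUTING -o eth0 -j MASQUERADE'

# On the router itself (needs root):
#   iptables -t nat -S POSTROUTING | check_order "$WAN" 30865
# If the result is "shadowed", re-add the exemption at the top of the chain:
#   iptables -t nat -I POSTROUTING 1 -o "$WAN" -p tcp --dport csync2 -j RETURN
```
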
