NuFW NAT Issue

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

NuFW NAT Issue

cscm
Hello,

I can authenticate packet comming from nated users.

Where is my NuFW architecture :


User (192.168.42.2) ------- GW(NAT) --------- Internet ----- NuFW

My User is authenticated by Nuauth :

nuauth[30472]: [+] User "cscm" connected from 82.238.24.27.
nuauth[30472]:       Group: 101

But, when I try to connect :

$ telnet  82.235.108.67 2222
Trying 82.235.108.67...

I've got the fallowing messages in my sys logs :

nuauth[30472]: Packet:
nuauth[30472]: Connection: src=82.238.24.27 dst=82.235.108.67 proto=6
nuauth[30472]: sport=58306 dport=2222
nuauth[30472]: packet id: -326819936
nuauth[30472]: User cscm on 82.238.24.27 tried to authenticate packet from
other IP

Nufw is mixing my authentificated adresse and the source nated adresse.

If I run nutcpc on the gatewat (without nat) everything is working
correctly.

Could someone help my on this issue?

Best Regards,

--
Nowicki Christophe
http://csquad.org



_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users
Reply | Threaded
Open this post in threaded view
|

Re: NuFW NAT Issue

Eric Leblond-2
Hi,

Le dimanche 27 mai 2007 à 10:15 +0200, cscm a écrit :

> Hello,
>
> I can authenticate packet comming from nated users.
> nuauth[30472]: User cscm on 82.238.24.27 tried to authenticate packet from
> other IP
>
> Nufw is mixing my authentificated adresse and the source nated adresse.
>
> If I run nutcpc on the gatewat (without nat) everything is working
> correctly.
>
> Could someone help my on this issue?
Sadly not, this is a limitation of NuFW protocol detailed in FAQ :
        http://www.nufw.org/Frequently-Asked-Questions.html

The only way to go through this is to use a VPN solution between client
and NuFW to avoid NAT.

Best regards,
--
Eric Leblond <[hidden email]>
NuFW, Now User Filtering Works : http://www.nufw.org

_______________________________________________
Nufw-users mailing list
[hidden email]
http://lists.nongnu.org/mailman/listinfo/nufw-users

signature.asc (196 bytes) Download Attachment