NAT ETH1 PORT 5000 Traffic to PPP0

up vote
0
down vote

favorite

I have a Digi i.MX6UL running a variant of Linux. I have attached to the ETH1 (169.254.0.1) port an Advantech EKI-6332GN Router (169.254.0.5). I have a Zebra MC67 (169.254.0.3) device running Windows Mobile 6.5 using WiFi to connect to the Router. The MC67 can ping the 6UL and the 6UL can ping the HH. The 6UL also has a static IP (166.155.85.213) on the VZW network. What I need now is a NAT for all TCP PORT 5000 traffic from the MC67 via WiFI (ETH1) to route to PPP0.

root@ccimx6ulsbc:~# ifconfig

eth0 Link encap:Ethernet HWaddr 00:04:F3:15:87:9D
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:113 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:19766 (19.3 KiB)

eth1 Link encap:Ethernet HWaddr 00:04:F3:15:87:9C
inet addr:169.254.0.1 Bcast:169.254.0.255 Mask:255.255.255.0
inet6 addr: fe80::204:f3ff:fe15:879c%lo/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54 errors:0 dropped:0 overruns:0 frame:0
TX packets:10699 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4766 (4.6 KiB) TX bytes:1855108 (1.7 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1%1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:107545 errors:0 dropped:0 overruns:0 frame:0
TX packets:107545 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:8700743 (8.2 MiB) TX bytes:8700743 (8.2 MiB)

ppp0 Link encap:Point-to-Point Protocol
inet addr:166.155.85.213 P-t-P:0.0.0.0 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:281028 errors:9591 dropped:0 overruns:0 frame:0
TX packets:347128 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:91846595 (87.5 MiB) TX bytes:99025969 (94.4 MiB)

wlan0 Link encap:Ethernet HWaddr 00:04:F3:15:87:9E
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

wlan1 Link encap:Ethernet HWaddr 02:03:7F:D7:00:01
inet addr:192.168.46.30 Bcast:192.168.46.255 Mask:255.255.255.0
inet6 addr: fe80::3:7fff:fed7:1%lo/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6666 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:1897472 (1.8 MiB)

root@ccimx6ulsbc:~#

root@ccimx6ulsbc:~# ip route list
default dev ppp0 proto static scope link metric 700
169.254.0.0/24 dev eth1 proto kernel scope link src 169.254.0.1
192.168.46.0/24 dev wlan1 proto kernel scope link src 192.168.46.30
root@ccimx6ulsbc:~#

root@ccimx6ulsbc:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 U 700 0 0 ppp0
169.254.0.0 * 255.255.255.0 U 0 0 0 eth1
192.168.46.0 * 255.255.255.0 U 0 0 0 wlan1
root@ccimx6ulsbc:~#

edited Dec 5 at 17:43

asked Dec 5 at 14:31

Don Osmond

You are confusing routing and network address translation (NAT). You could connect your 169.254.0.*/24 segment to whatever is behind the PPP link via routing. That is independent of port numbers (and you'll have to get rid of the link-local addresses, because they are not routable). Or you can use iptables to rewrite packets so that a connection to 169.254.0.13 (say) on port 5000 goes to some other address behind the PPP link, and the answers are also rewritten to come from 169.254.0.13. Please edit your question and indicate what you want.
– dirkt
Dec 5 at 14:50

Thanks, this is new for me so I apologize. I have been reading up on iptables. The handheld (HH) device (Zebra MC67) is connected to the router (Advantech EKI-6332GN) which is attached to the box (Digi i.MX6UL) via Ethernet on ETH1. The HH can ping the box and the other way around. So that connection is in place. The app on the HH will attempt to create a socket to a server on port 5000. So traffic from ETH1 on port 5000 needs to go to PPP0. The HH app knows the outside IP. The box can ping the server outside IP today so my missing path is ETH1 to PPP0 for port 5000 traffic.
– Don Osmond
Dec 5 at 14:57

add a comment |

up vote
0
down vote

favorite

root@ccimx6ulsbc:~# ifconfig

root@ccimx6ulsbc:~#

edited Dec 5 at 17:43

asked Dec 5 at 14:31

Don Osmond

You are confusing routing and network address translation (NAT). You could connect your 169.254.0.*/24 segment to whatever is behind the PPP link via routing. That is independent of port numbers (and you'll have to get rid of the link-local addresses, because they are not routable). Or you can use iptables to rewrite packets so that a connection to 169.254.0.13 (say) on port 5000 goes to some other address behind the PPP link, and the answers are also rewritten to come from 169.254.0.13. Please edit your question and indicate what you want.
– dirkt
Dec 5 at 14:50

Thanks, this is new for me so I apologize. I have been reading up on iptables. The handheld (HH) device (Zebra MC67) is connected to the router (Advantech EKI-6332GN) which is attached to the box (Digi i.MX6UL) via Ethernet on ETH1. The HH can ping the box and the other way around. So that connection is in place. The app on the HH will attempt to create a socket to a server on port 5000. So traffic from ETH1 on port 5000 needs to go to PPP0. The HH app knows the outside IP. The box can ping the server outside IP today so my missing path is ETH1 to PPP0 for port 5000 traffic.
– Don Osmond
Dec 5 at 14:57

add a comment |

up vote
0
down vote

favorite

root@ccimx6ulsbc:~# ifconfig

root@ccimx6ulsbc:~#

edited Dec 5 at 17:43

asked Dec 5 at 14:31

Don Osmond

root@ccimx6ulsbc:~# ifconfig

root@ccimx6ulsbc:~#

linux route

edited Dec 5 at 17:43

asked Dec 5 at 14:31

Don Osmond

edited Dec 5 at 17:43

asked Dec 5 at 14:31

Don Osmond

edited Dec 5 at 17:43

asked Dec 5 at 14:31

Don Osmond

asked Dec 5 at 14:31

Don Osmond

asked Dec 5 at 14:31

Don Osmond

You are confusing routing and network address translation (NAT). You could connect your 169.254.0.*/24 segment to whatever is behind the PPP link via routing. That is independent of port numbers (and you'll have to get rid of the link-local addresses, because they are not routable). Or you can use iptables to rewrite packets so that a connection to 169.254.0.13 (say) on port 5000 goes to some other address behind the PPP link, and the answers are also rewritten to come from 169.254.0.13. Please edit your question and indicate what you want.
– dirkt
Dec 5 at 14:50

Thanks, this is new for me so I apologize. I have been reading up on iptables. The handheld (HH) device (Zebra MC67) is connected to the router (Advantech EKI-6332GN) which is attached to the box (Digi i.MX6UL) via Ethernet on ETH1. The HH can ping the box and the other way around. So that connection is in place. The app on the HH will attempt to create a socket to a server on port 5000. So traffic from ETH1 on port 5000 needs to go to PPP0. The HH app knows the outside IP. The box can ping the server outside IP today so my missing path is ETH1 to PPP0 for port 5000 traffic.
– Don Osmond
Dec 5 at 14:57

add a comment |

You are confusing routing and network address translation (NAT). You could connect your 169.254.0.*/24 segment to whatever is behind the PPP link via routing. That is independent of port numbers (and you'll have to get rid of the link-local addresses, because they are not routable). Or you can use iptables to rewrite packets so that a connection to 169.254.0.13 (say) on port 5000 goes to some other address behind the PPP link, and the answers are also rewritten to come from 169.254.0.13. Please edit your question and indicate what you want.
– dirkt
Dec 5 at 14:50

Thanks, this is new for me so I apologize. I have been reading up on iptables. The handheld (HH) device (Zebra MC67) is connected to the router (Advantech EKI-6332GN) which is attached to the box (Digi i.MX6UL) via Ethernet on ETH1. The HH can ping the box and the other way around. So that connection is in place. The app on the HH will attempt to create a socket to a server on port 5000. So traffic from ETH1 on port 5000 needs to go to PPP0. The HH app knows the outside IP. The box can ping the server outside IP today so my missing path is ETH1 to PPP0 for port 5000 traffic.
– Don Osmond
Dec 5 at 14:57

You are confusing routing and network address translation (NAT). You could connect your 169.254.0.*/24 segment to whatever is behind the PPP link via routing. That is independent of port numbers (and you'll have to get rid of the link-local addresses, because they are not routable). Or you can use iptables to rewrite packets so that a connection to 169.254.0.13 (say) on port 5000 goes to some other address behind the PPP link, and the answers are also rewritten to come from 169.254.0.13. Please edit your question and indicate what you want.
– dirkt
Dec 5 at 14:50

Thanks, this is new for me so I apologize. I have been reading up on iptables. The handheld (HH) device (Zebra MC67) is connected to the router (Advantech EKI-6332GN) which is attached to the box (Digi i.MX6UL) via Ethernet on ETH1. The HH can ping the box and the other way around. So that connection is in place. The app on the HH will attempt to create a socket to a server on port 5000. So traffic from ETH1 on port 5000 needs to go to PPP0. The HH app knows the outside IP. The box can ping the server outside IP today so my missing path is ETH1 to PPP0 for port 5000 traffic.
– Don Osmond
Dec 5 at 14:57

add a comment |

1 Answer
1

active

oldest

votes

up vote
0
down vote

Let's see if I understand it correctly.

You have an application on the Zebra MC67 handheld device (HH for short) that wants to connect to a known internet address, say 1.2.3.4, on port 5000.

The HH is connected to a LAN segment with a router (acting as a switch), and also connected to this LAN segment is a Digi i.MX6UL (6UL for short) that also has a PPP connection as second interface. The address 1.2.3.4 is reachable via this interface.

Is this correct?

The first step is to get rid of the link-local address (169...*), because these are not routable.

So either assign a static address to every single devices (this needs a configuration on each device), or run a DHCP server somewhere, e.g. either on the router, or on the 6UL. (There can only be a single DHCP server per LAN segment).

It would be more convenient to run it on the 6UL, because then the 6UL can also announce itself as gateway for the segment. The exact details of how to set up a DHCP server depends on the variant of Linux you are running.

Choose an address from the private IP range, e.g. 192.168.43.0/24.

Looking at the PPP endpoint, it has a public IP address, but we have just assigned private IP addresses. So as second step you'll have to set up NAT (in this form also called MASQUERADE) on the 6UL: Enable IPV4 forwarding, add the necessary iptables rules. There are many tutorials, e.g. this one. Make sure to adapt to your interface names etc.

This second step would not have been necessary if the PPP was also using private IP addresses; in that case, you'd have just to make sure that the address range used for your LAN segment doesn't collide with addresses ranges used behind the PPP.

Now all machines in the LAN segment should be able to reach all machines behind the PPP link, no matter on what port.

answered Dec 5 at 15:13

dirkt

16.4k21335

All devices have a static IP now. The box 6UL is 169.254.0.1, the HH is 169.254.0.3 and the router is 169.254.0.5. This was does so each device could be connected to direct for configuration purposes and the HH app knows for other functions were to go to. The IP assigned to PPP came from a static assigned by VZW for the SIM. The HH has a wireless profile with the assigned static and uses a SSID to know which router to connect to.
– Don Osmond
Dec 5 at 15:35

add a comment |

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);

);

draft saved

draft discarded

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f486162%2fnat-eth1-port-5000-traffic-to-ppp0%23new-answer', 'question_page');

);

Post as a guest

Name

Required, but never shown

1 Answer
1

active

oldest

votes

1 Answer
1

active

oldest

votes

up vote
0
down vote

Let's see if I understand it correctly.

You have an application on the Zebra MC67 handheld device (HH for short) that wants to connect to a known internet address, say 1.2.3.4, on port 5000.

Is this correct?

The first step is to get rid of the link-local address (169...*), because these are not routable.

Choose an address from the private IP range, e.g. 192.168.43.0/24.

Now all machines in the LAN segment should be able to reach all machines behind the PPP link, no matter on what port.

answered Dec 5 at 15:13

dirkt

16.4k21335

All devices have a static IP now. The box 6UL is 169.254.0.1, the HH is 169.254.0.3 and the router is 169.254.0.5. This was does so each device could be connected to direct for configuration purposes and the HH app knows for other functions were to go to. The IP assigned to PPP came from a static assigned by VZW for the SIM. The HH has a wireless profile with the assigned static and uses a SSID to know which router to connect to.
– Don Osmond
Dec 5 at 15:35

add a comment |

up vote
0
down vote

Let's see if I understand it correctly.

You have an application on the Zebra MC67 handheld device (HH for short) that wants to connect to a known internet address, say 1.2.3.4, on port 5000.

Is this correct?

The first step is to get rid of the link-local address (169...*), because these are not routable.

Choose an address from the private IP range, e.g. 192.168.43.0/24.

Now all machines in the LAN segment should be able to reach all machines behind the PPP link, no matter on what port.

answered Dec 5 at 15:13

dirkt

16.4k21335

All devices have a static IP now. The box 6UL is 169.254.0.1, the HH is 169.254.0.3 and the router is 169.254.0.5. This was does so each device could be connected to direct for configuration purposes and the HH app knows for other functions were to go to. The IP assigned to PPP came from a static assigned by VZW for the SIM. The HH has a wireless profile with the assigned static and uses a SSID to know which router to connect to.
– Don Osmond
Dec 5 at 15:35

add a comment |

up vote
0
down vote

Let's see if I understand it correctly.

You have an application on the Zebra MC67 handheld device (HH for short) that wants to connect to a known internet address, say 1.2.3.4, on port 5000.

Is this correct?

The first step is to get rid of the link-local address (169...*), because these are not routable.

Choose an address from the private IP range, e.g. 192.168.43.0/24.

Now all machines in the LAN segment should be able to reach all machines behind the PPP link, no matter on what port.

answered Dec 5 at 15:13

dirkt

16.4k21335

Let's see if I understand it correctly.

You have an application on the Zebra MC67 handheld device (HH for short) that wants to connect to a known internet address, say 1.2.3.4, on port 5000.

Is this correct?

The first step is to get rid of the link-local address (169...*), because these are not routable.

Choose an address from the private IP range, e.g. 192.168.43.0/24.

Now all machines in the LAN segment should be able to reach all machines behind the PPP link, no matter on what port.

answered Dec 5 at 15:13

dirkt

16.4k21335

answered Dec 5 at 15:13

dirkt

16.4k21335

answered Dec 5 at 15:13

dirkt

16.4k21335

answered Dec 5 at 15:13

dirkt

16.4k21335

All devices have a static IP now. The box 6UL is 169.254.0.1, the HH is 169.254.0.3 and the router is 169.254.0.5. This was does so each device could be connected to direct for configuration purposes and the HH app knows for other functions were to go to. The IP assigned to PPP came from a static assigned by VZW for the SIM. The HH has a wireless profile with the assigned static and uses a SSID to know which router to connect to.
– Don Osmond
Dec 5 at 15:35

add a comment |

All devices have a static IP now. The box 6UL is 169.254.0.1, the HH is 169.254.0.3 and the router is 169.254.0.5. This was does so each device could be connected to direct for configuration purposes and the HH app knows for other functions were to go to. The IP assigned to PPP came from a static assigned by VZW for the SIM. The HH has a wireless profile with the assigned static and uses a SSID to know which router to connect to.
– Don Osmond
Dec 5 at 15:35

All devices have a static IP now. The box 6UL is 169.254.0.1, the HH is 169.254.0.3 and the router is 169.254.0.5. This was does so each device could be connected to direct for configuration purposes and the HH app knows for other functions were to go to. The IP assigned to PPP came from a static assigned by VZW for the SIM. The HH has a wireless profile with the assigned static and uses a SSID to know which router to connect to.
– Don Osmond
Dec 5 at 15:35

add a comment |

draft saved

draft discarded

Thanks for contributing an answer to Unix & Linux Stack Exchange!

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

Some of your past answers have not been well-received, and you're in danger of being blocked from answering.

Please pay close attention to the following guidance:

Please be sure to answer the question. Provide details and share your research!

But avoid …

Asking for help, clarification, or responding to other answers.

Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.

draft saved

draft discarded

Post as a guest

Name

Required, but never shown

Name

Required, but never shown

Name

Required, but never shown

搜尋此網誌

mjhjmtu