<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>Setup:</p>
    <p>Two networks connected through a NAT. The NAT is set up on PC3
      using iptables.<br>
    </p>
    <font face="monospace">    innerPC1 -&gt;.</font><br>
    <font face="monospace">                ]-&gt; PC3 (NAT) -&gt;
      outerPC4</font><br>
    <font face="monospace">    innerPC2 -&gt;'<br>
    </font>
    <p>Problem:<br>
    </p>
    <span class="mw-headline"
      id="remote_host_remote_host_did_not_accept_my_identification">   
      "remote host ___ did not accept my identification"<br>
    </span>
    <p><span class="mw-headline"
        id="remote_host_remote_host_did_not_accept_my_identification">   
      </span><span class="mw-headline"
        id="remote_host_remote_host_did_not_accept_my_identification">This
        happens because a NAT translates an inner network's IP
        to the router's (and assigns a port for the inner IP), so the
        remote host sees the connection coming from the router's address
        instead of the inner host's. <br>
      </span></p>
    <p><span class="mw-headline"
        id="remote_host_remote_host_did_not_accept_my_identification">   
        In my setup, the rule at fault was:</span></p>
    <p><span class="mw-headline"
        id="remote_host_remote_host_did_not_accept_my_identification">   
            $ </span><font size="+1"><span class="mw-headline"
          id="remote_host_remote_host_did_not_accept_my_identification"><code>iptables
            -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE</code></span></font></p>
    <p><font size="+1"><span class="mw-headline"
          id="remote_host_remote_host_did_not_accept_my_identification"><code> 
            where "WAN" is the router's interface to the outer
            network.<br>
          </code></span></font></p>
    <p><span class="mw-headline"
        id="remote_host_remote_host_did_not_accept_my_identification">Solution:</span><span
        class="mw-headline"
        id="remote_host_remote_host_did_not_accept_my_identification"><br>
      </span></p>
    <p><span class="mw-headline"
        id="remote_host_remote_host_did_not_accept_my_identification">   
        Exclusion of csync2 port from Masquerading:</span></p>
    <p><span class="mw-headline"
        id="remote_host_remote_host_did_not_accept_my_identification">   
            $ </span><font size="+1"><span class="mw-headline"
          id="remote_host_remote_host_did_not_accept_my_identification"><code>iptables
            -t nat -A POSTROUTING -o ${WAN} -p TCP --dport csync2 -j
            RETURN</code></span></font></p>
    <p><font size="+1"><span class="mw-headline"
          id="remote_host_remote_host_did_not_accept_my_identification"><code> 
            Important: this rule must be placed before the
            MASQUERADE one, because iptables evaluates the chain in
            order and the first matching rule decides.<br>
          </code></span></font></p>
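    <p>A way to check the rule order described above, as an added example that is not part of the original page. It assumes a WAN interface named eth0 and csync2 on TCP port 30865 (its usual /etc/services entry); the function name <code>check_order</code> and the rule listings are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example (not from the original page). Assumptions: WAN interface
# "eth0", csync2 on TCP port 30865 (its usual /etc/services entry), and
# constructed rule listings in `iptables -t nat -S POSTROUTING` format.

# check_order WAN PORT   (rule listing on stdin)
# Returns 0 if a RETURN rule for PORT is reached before any MASQUERADE
# rule on WAN, 1 if MASQUERADE matches first or the exemption is missing.
# Negated matches ("! -o eth0") are not handled.
check_order() {
    awk -v wan="$1" -v port="$2" '
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            out = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o")      out    = $(i + 1)
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            # A rule without -o applies to every interface.
            if (out != "" && out != wan) next
            if (target == "RETURN" && dport == port) { found = 1; exit }
            if (target == "MASQUERADE") exit
        }
        END { exit(found ? 0 : 1) }
    '
}

# Constructed sample: exemption first, as the page requires.
GOOD='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 30865 -j RETURN
-A POSTROUTING -o eth0 -j MASQUERADE'

# Constructed sample: same rules appended in the wrong order.
BAD='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 30865 -j RETURN'

for name in GOOD BAD; do
    eval "rules=\$$name"
    if printf '%s\n' "$rules" | check_order eth0 30865; then
        echo "$name: csync2 keeps its inner source address"
    else
        echo "$name: csync2 is still masqueraded"
    fi
done
```

    <p>On the router, the live chain can be piped in with <code>iptables -t nat -S POSTROUTING | check_order "$WAN" 30865</code>. If the check fails because the MASQUERADE rule is already loaded, the exemption can be inserted at the head of the chain with <code>-I</code> instead of <code>-A</code>.</p>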
  </body>
</html>