[Csync2] Syncing through NAT (masquerade)
Spyros Papanastasiou
spyros_ladon at zoho.eu
Mon Mar 8 20:48:30 CET 2021
<same mail, unformatted>
Setup:
Two networks connected through a NAT. The NAT is set up in PC3 using
$ iptables
innerPC1 ->.
           ]-> PC3 (NAT) -> outerPC4
innerPC2 ->'
Problem:
"remote host ___ did not accept my identification"
This happens because NATs work by translating an inner network's IP
to the router's (and assigning a port for the inner IP).
In my setup, the rule at fault was:
$ iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
, where "WAN" is the router's interface to the outer network.
Solution:
Exclusion of csync2 port from Masquerading:
$ iptables -t nat -A POSTROUTING -o ${WAN} -p TCP --dport csync2 -j RETURN
! Important: The previous command needs to be put before the
MASQUERADE one.
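
A check for the ordering requirement above, as an added example that is not part of the original message: it reads `iptables -t nat -S POSTROUTING` output and reports whether the csync2 RETURN rule comes before the first MASQUERADE rule on the WAN interface. The function name, the `eth0` interface and the two sample listings are constructed for illustration; 30865 is assumed as the csync2 port (its default).

```shell
# Reads `iptables -t nat -S POSTROUTING` output on stdin.
# Exit 0: csync2 RETURN rule precedes the first MASQUERADE rule for $1
# Exit 1: exemption missing, or listed after MASQUERADE (never reached)
# Exit 2: no MASQUERADE rule applies to $1
# Assumption: negated matches ("! -o ...") are not interpreted.
check_csync2_nat_order() {
    wan=$1
    port=${2:-30865}    # assumed csync2 port; iptables -S prints it numerically
    awk -v wan="$wan" -v port="$port" '
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            n++; out = ""; proto = ""; dport = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                else if ($i == "-p") proto = tolower($(i + 1))
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (out != "" && out != wan) next   # rule is for another interface
            if (!ret && target == "RETURN" && proto == "tcp" && dport == port) ret = n
            if (!masq && target == "MASQUERADE") masq = n
        }
        END {
            if (!masq) exit 2
            if (ret && ret < masq) exit 0
            exit 1
        }'
}

# Constructed sample listings (not captured from a real host).
BAD_ORDER='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 30865 -j RETURN'
GOOD_ORDER='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -p tcp -m tcp --dport 30865 -j RETURN
-A POSTROUTING -o eth0 -j MASQUERADE'

printf '%s\n' "$GOOD_ORDER" | check_csync2_nat_order eth0 \
    && echo "good listing: csync2 traffic leaves un-masqueraded"
printf '%s\n' "$BAD_ORDER" | check_csync2_nat_order eth0 \
    || echo "bad listing: MASQUERADE matches first, exemption is dead"

# On the router itself (needs root):
#   iptables -t nat -S POSTROUTING | check_csync2_nat_order "$WAN"
```

If the check fails because the MASQUERADE rule is already in the chain, `iptables -t nat -I POSTROUTING 1 ...` inserts the exemption at the top instead of appending it.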