rmode - set routing-only mode for an interface and gateway

SYNOPSIS
rmode ifn.gwn [on | off]
setrm ifn.gwn [on | off]

DESCRIPTION
The rmode command (alias setrm) can be used to force NAT32 to behave as a conventional router with no address translation and only limited mapping features. Argument ifn.gwn specifies the Internet interface and the gateway number for which routing-only mode is to be set.
In this mode, NAT32 accepts packets for the Internet and forwards them unchanged to an external router. The admin feature is still available in this mode and can be used to throttle a private machine's Internet traffic.
In routing-only mode, NAT32 sees only outgoing traffic, as incoming traffic is sent directly to the private machines by the external router.
The NAT32 IP Router normally performs several types of mappings for traffic sent to or received from the Internet. However, in cases where an external router is used to provide such functionality, NAT32 can be used to provide other useful features such as user administration, throughput throttling, traffic management and spam filtering. Full details of how to configure such a setup are given here.
A very common special case is the external router (such as a DSL modem) that provides Network Address Translation for computers connected to its LAN and/or WLAN interfaces. The attached computers are assigned private IP addresses by the router's DHCP Server, and the private IP address of the router is used as the gateway and DNS server by those computers.
When NAT32 is used in such environments, it uses the LAN/WLAN interface as its Internet interface, even though the network address is a private IP address as defined in RFC 1918. NAT32 will not translate IP source addresses in this case because the external router can reach all connected computers directly.
However, when NAT32 has been configured to support additional private networks, address translations must usually be performed. This means that two levels of network address translation are being done: first by NAT32 and then again by the external router. This "double-NAT" issue can cause problems for some applications running on computers connected to the private networks.
The issue can be avoided if the external router has the following capabilities:
- It is able to map/unmap traffic from any IP source address (i.e. from computers on another network).
- It allows network-specific routes to be added that specify NAT32's IP address as the gateway to those networks.
Many DSL routers (such as all FritzBox models from AVM in Germany) have the required capabilities and the command rmode p on will prevent "double-NAT" from happening.
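A check of the route requirement above, as an added example that is not part of the NAT32 documentation: it verifies that every private network behind NAT32 has a route on the external router whose gateway is NAT32's address. The function name check_route_plan and all addresses are constructed for illustration; IPv4 only.

```python
import ipaddress

# The three private address blocks defined in RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_route_plan(router_lan, nat32_ip, private_nets, router_routes):
    """Return a list of problems that would break return traffic
    to the private networks when routing-only mode is on.

    router_lan    -- external router's LAN subnet
    nat32_ip      -- NAT32's address on that LAN (its Internet interface)
    private_nets  -- networks behind NAT32
    router_routes -- static routes on the router as (destination, gateway)
    """
    lan = ipaddress.ip_network(router_lan)
    gw = ipaddress.ip_address(nat32_ip)
    routes = [(ipaddress.ip_network(d), ipaddress.ip_address(g))
              for d, g in router_routes]
    problems = []
    if gw not in lan:
        problems.append(f"NAT32 address {gw} is not on the router LAN {lan}")
    for text in private_nets:
        net = ipaddress.ip_network(text)
        if not any(net.subnet_of(block) for block in RFC1918):
            problems.append(f"{net} is not inside an RFC 1918 range")
        if net.overlaps(lan):
            # The router would treat these hosts as directly attached.
            problems.append(f"{net} overlaps the router LAN {lan}")
            continue
        # Longest-prefix match: the most specific covering route is used.
        covering = [(d, g) for d, g in routes if net.subnet_of(d)]
        if not covering:
            problems.append(f"no route for {net} on the external router")
            continue
        dest, via = max(covering, key=lambda r: r[0].prefixlen)
        if via != gw:
            problems.append(
                f"route {dest} for {net} points to {via}, not NAT32 ({gw})")
    return problems

if __name__ == "__main__":
    # Constructed sample: two networks behind NAT32, only one routed.
    for p in check_route_plan("192.168.178.0/24", "192.168.178.2",
                              ["172.16.1.0/24", "172.16.2.0/24"],
                              [("172.16.1.0/24", "192.168.178.2")]):
        print(p)
```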
Admin, Traffic Management