Reference Manual


rmode - set routing-only mode for an interface
rmode ifn [on | off]
setrm ifn [on | off]
The NAT32 IP Router normally performs several types of mappings for traffic sent to or received from the Internet. However, in cases where an external router is used to provide such functionality, NAT32 can be used to provide other useful features such as user administration, throughput throttling, traffic management and spam filtering . Full details of how to configure such a setup are given here.

The rmode command (alias setrm) can be used to force NAT32 to behave as a conventional router with no address translation and only limited mapping features. In this mode, NAT32 accepts packets for the Internet and forwards them unchanged via the default route that normally points to the private IP address of the external router. The NAT32 admin feature is available in this mode and can be used to throttle a private machine's traffic or even block it completely.

In routing-only mode, NAT32 sees only outgoing traffic, as incoming traffic is sent directly to the private machines by the external router.


A very common special case is the external router (such as a DSL modem) that provides Network Address Translation for computers connected to its LAN and/or WLAN interfaces. The attached computers are assigned private IP addresses by the router's DHCP Server, and the private IP address of the router is used as the gateway and DNS server by those computers.

When NAT32 is used in such environments, it uses the LAN/WLAN interface as its Internet interface, even though the network address is a private IP address as defined in RFC 1918. NAT32 will not translate IP source addresses in this case because the external router can reach all connected computers directly.

However, when NAT32 has been configured to support additional private networks, address translations must usually be performed. This means that two levels of network address translation are being done: first by NAT32 and then again by the external router. This "double-NAT" issue can cause problems for some applications running on computers connected to the private networks.

The issue can be avoided if the external router has the following capabilities:

Many DSL routers (such as all FritzBox models from AVM in Germany) have the required capabilities and the command rmode p on will prevent "double-NAT" from happening.


Admin, Traffic Management
[Edit] [Back]