NAT configuration problems

Hi,

I’m trying to switch on NAT on my cluster, but I’m experiencing problems in trying to get the equipment to talk.

I have 2 SMs, an AP and a CMM with GPS.
NAT is switched on for the 2 SMs.
SM 1 Private: 192.168.1.1/24
Public : 169.254.1.2/16

Laptop connected on this SM with DHCP running on SM has IP address of 192.168.1.1

SM 2 Private: 192.168.2.1/24
Public: 169.254.11.11/16

Laptop on this SM : 192.168.2.2

AP 169.254.13.1/16
CMM 169.254.10.254/16

DMZ is disabled and port filtering is not being used.

I would have expected the two laptops to talk to each other but they don’t.

From the laptops I can telnet in to the local SM and then ping all the way to the private interface of the other SM but not any further.

Is there something I need to switch on? I have a feeling there is a very simple solution to this.

Thanks in advance for your help.

If I follow your setup, you are disturbed because the two laptops behind NAT-enabled SMs cannot talk to each other. That is precisely the case based upon how you described your setup.

The purpose of NAT is to allow multiple hosts to share one IP address. For example, if you have 20 machines on a network, and your ISP only gave you one Public Routable IP address, you could use a NAT router so all 20 machines will use and share the same public IP. The destination host would not be able to tell whether an incoming packet came from machine #1 or machine #20; it would just appear as if it was coming from the public IP address.

Same thing in Canopy world. All machines behind your NAT-enabled SM are going to “NAT-to” the public interface IP address that the SM is configured to use. In your case:

SM 1 Public -> 169.254.1.2/16

SM 2 Public -> 169.254.11.11/16

The two public IP addresses are on different subnets. This is one reason why you cannot have the laptops talk to one another. To my knowledge, when an SM is NAT-enabled, I don’t think you have access to modify/add static routes to its routing tables. Even if you could, that would not permit you to have one private NAT subnet talk to another private NAT subnet. That is the whole purpose of NAT, to protect the machines from public exposure to the Internet/Network.

To my knowledge, the only way to accomplish what you want to accomplish would be via a VPN. We use Linksys NAT routers for pretty much all our customers. For example, I am at home right now behind a Linksys NAT router, and our office is also behind a Linksys NAT router. If I wish to get on the office network to view shared resources, I have to VPN to our Win2k PPTP VPN, and then I have access to the private subnet that the office is on.


Hope this helps.

Hi msmith, thanks for your reply. It has been very helpful, but my main problem still remains.

You are totally correct, in that all machines behind the different SMs will not be able to talk to each other unless using VPN. I read somewhere that the new version of the Canopy software allows you to do VPN; you may want to look into it, as it could save you money on deploying Linksys.

My main problem is not getting the machines behind the SM to talk to each other, as we are acting as an ISP and would not want the different customers to be able to see each other.

What I was trying to do was establish that the laptop behind the SM can talk to anything outside. At the moment the only thing I can ping is 192.168.1.1 or 192.168.2.1, depending on which laptop I’m on. I can’t ping the public interface of the SMs. I want to test that the NAT is working properly and that I can talk to anything outside after the SM.

By the way, my two public addresses 169.254.11.11/16 and 169.254.1.2/16 are both on the same subnet as I am using 16 bit mask 255.255.0.0, but as you mentioned this will not allow me to do what I was trying without a VPN.

How can I test to see if the NAT is working? Surely if I can’t see my public interface then I will not be able to see the internet.

Thanks in advance for your help.
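
The address sharing discussed in this thread, as an added example that is not part of any post: a minimal port-address-translation model in Python using the thread's SM and AP addresses. The `Nat` class, the laptop addresses 192.168.1.10 and 192.168.1.20 and all port numbers are constructed for illustration; this is not Canopy's implementation, and it assumes no DMZ or port mapping is configured.

```python
import ipaddress

# SM and AP addresses come from the thread; everything else is constructed.
SM1_PUBLIC = ipaddress.ip_interface("169.254.1.2/16")
SM2_PUBLIC = ipaddress.ip_interface("169.254.11.11/16")
AP = "169.254.13.1"

def same_subnet(a, b):
    """True when two interfaces (address plus mask) fall in the same IP network."""
    return a.network == b.network

class Nat:
    """Hypothetical NAT model: many private hosts share one public IP."""
    def __init__(self, public_if, private_net, first_port=50000):
        self.public = public_if.ip
        self.private_net = ipaddress.ip_network(private_net)
        self.next_port = first_port
        self.out = {}   # (private ip, private port) -> public port
        self.back = {}  # public port -> (private ip, private port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private side."""
        src = ipaddress.ip_address(src_ip)
        if src not in self.private_net:
            raise ValueError(f"{src} is not behind this NAT")
        key = (src, src_port)
        if key not in self.out:          # first packet of a flow creates the mapping
            self.out[key] = self.next_port
            self.back[self.next_port] = key
            self.next_port += 1
        return (self.public, self.out[key], ipaddress.ip_address(dst_ip), dst_port)

    def inbound(self, dst_port):
        """Private endpoint for a packet arriving on the public IP, or None (dropped)."""
        return self.back.get(dst_port)

def demo():
    sm1 = Nat(SM1_PUBLIC, "192.168.1.0/24")
    a = sm1.outbound("192.168.1.10", 40000, AP, 80)   # constructed host 1
    b = sm1.outbound("192.168.1.20", 40000, AP, 80)   # constructed host 2
    # A reply to a's public port is mapped back; an unsolicited port is not.
    return a, b, sm1.inbound(a[1]), sm1.inbound(12345)

if __name__ == "__main__":
    print("same /16:", same_subnet(SM1_PUBLIC, SM2_PUBLIC))
    for item in demo():
        print(item)
```

Both private hosts leave with source 169.254.1.2 and differ only in the translated port, and a packet arriving on a port with no mapping has no private destination.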