[Iscsitarget-devel] iSCSI Target through Firewall (NAT)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Dear Colleagues

I am not sure if we already had this discussion. At least I could find 
some old mailing list entries going into a smiliar direction
but I couldn't find a solution so I am posting my problem.

The situation:

- IET (latest SVN code) running on a FC7 system at my home (IP: 192.168.1.3)
- Microsoft iSCSI Initiator 2.05 running on my DELL Notebook (Windows 
Vista Business) in public internet (Public IP)
- Inbetween those two systems is my firewall publishing IET to the 
internet. (Port forwarding)

The FW rule is as follows:

Firewall is accepting connections on the public interface TCP port 3260 
from ANY source IP and forwards them to my IET system 192.168.1.3
on the internal network.

- So far so good I can do a "telnet" to the Public IP of my firewall 
(port 3260) and I get a connect.
- I can configure the portal (discovery) on MS INI and I see my exported 
LUNs.
- I "cannot" connect to any of my LUNs. It just sits there and tries and 
tries and times out after 5 minutes.

When I look at my ports with "netstat", or Sysinternals TCP-View I can 
see that there are outgoing connections in state SYN SENT.
I see the destination port TCP 3260 but the destination IP is 
192.168.1.3 instead of the public IP of my firewall.

Does iSCSI pass back the target IP address through the protocol  to the 
initiator !! This way MS INI gets the private address.
Does this mean that iSCSI is not NAT compliant !

Any idea to overcome this limitation ? MS INI should just take the IP 
address it used for connecting to the portal and not switch to
the targets real (private) IP.

Regards,
Oliver