Firewall Wizards mailing list archives

Re: NAT


From: "Paul D. Robertson" <proberts () clark net>
Date: Fri, 28 Apr 2000 15:59:18 -0400 (EDT)

On Thu, 27 Apr 2000, Bennett Todd wrote:

> > I'm sure this is doable with Linux with some masquerading for the
> > internal to external connections and Masquerading or redirection
> > for the external to internal ones.

> With ipfwadm (2.0.x kernels) and ipchains (2.2.x kernels), no, you can
> only do Masquerading, not static NAT; there's no way to tell the
> kernel to listen for connections on a particular ipaddr:port and

I'm not sure about IP addresses, but I thought the whole "transparent
proxy" solution in the 2.0.n kernels was redirection-alike stuff (this is
from a long ago reading of the stuff at XOS, a quick google shows this at
http://www.xos.nl/linux/ipfwadm/paper/node5.html#SECTION00050000000000000000
- not the most elegant solution, but still a possible solution unless I'm
missing something basic here?)

Also, http://proxy.iinchina.net/~wensong/ipnat/ contains an older (up to
2.0.35) implementation of NAT.

> route them to a masqueraded machine. With netfilter (late 2.3.x
> kernels, will be in 2.4 when it comes out) you can do this.

There appears to be some NAT code in the 2.2.nn kernels, but I can't say
if it works or how well - specifically there's some config stuff in the
router side code.

http://www.suse.de/~mha/HyperNews/get/linux-ip-nat.html seems to indicate
code for 2.0.29-2.0.33 and 2.2.4 (marked as "Should work with newer 2.2
kernels.")


Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280


