On Sun, 21 Jan 2007, [email protected] wrote:
> From: Justin Piszcz <[email protected]>
> Date: Sun, Jan 21, 2007 at 11:48:07AM -0500
> >
> > What about all of the changes with NAT? I see that it operates on
> > level-3/network wise, I enabled that and backward compatiblity support as
> > well, but when my iptables rules kick in, it says no such driver/etc for
> > `nat'-- is there a new target for iptables now or did I miss a kernel
> > option?
> >
>
> Well, I'm typing this on my laptop, connected via my main server to the
> internet, using SNAT, according to the firehol manpage. The main server
> runs 2.6.20-rc5, and somewhere in my 2.6.20-rc5 .config, there is
>
> CONFIG_NF_NAT=m
> CONFIG_NF_NAT_NEEDED=y
> CONFIG_IP_NF_TARGET_MASQUERADE=m
> CONFIG_IP_NF_TARGET_REDIRECT=m
> CONFIG_IP_NF_TARGET_NETMAP=m
> CONFIG_IP_NF_TARGET_SAME=m
> CONFIG_NF_NAT_SNMP_BASIC=m
> CONFIG_NF_NAT_PROTO_GRE=m
> CONFIG_NF_NAT_FTP=m
> CONFIG_NF_NAT_IRC=m
> CONFIG_NF_NAT_TFTP=m
> CONFIG_NF_NAT_AMANDA=m
> CONFIG_NF_NAT_PPTP=m
> CONFIG_NF_NAT_H323=m
> CONFIG_NF_NAT_SIP=m
>
> and my firewall's manpage says:
>
> FIREHOL.CONF(5) User Contributed Perl Documentation FIREHOL.CONF(5)
>
>
> masquerade [reverse | interface] [optional rule parameters]
>
> Masquerading is a special from of SNAT (Source NAT) that changes the
> source of requests when they go out and replaces their original
> source when replies come in. This way a Linux box can become an
> internet router for a LAN of clients having unroutable IP addresses.
> Masquerading takes care to re-map IP addresses and ports as required.
>
> Masquerading is "expensive" compared to SNAT because it checks the IP
> address of the ougoing interface every time for every packet, and
> therefore it is suggested that if you connect to the internet with a
> static IP address, to prefer SNAT.
>
> while my /etc/firehol/firehol.conf has a part in it like this:
>
> #
> # route access from the clients to the internet
> #
> router internet2network inface adsl outface switch
> masquerade reverse
> client all accept
>
> All in all, NAT is working for me with 2.6.20-rc5. I do remember I had
> to reselect all the netfilter modules in menuconfig.
>
> Good luck,
> Jurriaan
> --
> > What does ELF stand for (in respect to Linux?)
> ELF is the first rock group that Ronnie James Dio performed with back in
> the early 1970's. In constrast, a.out is a misspelling of the French word
> for the month of August. What the two have in common is beyond me, but
> Linux users seem to use the two words together.
> seen on c.o.l.misc
> Debian (Unstable) GNU/Linux 2.6.20-rc5 2x2011 bogomips load 0.83
> the Jack Vance Integral Edition: http://www.integralarchive.org
> -
> To unsubscribe from this list: send the line "unsubscribe linux-raid" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
Thanks, I'll give it another go in a bit!
Justin.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
- References:
- 2.6.19.2, cp 18gb_file 18gb_file.2 = OOM killer, 100% reproducible
- Re: 2.6.19.2, cp 18gb_file 18gb_file.2 = OOM killer, 100% reproducible
- Re: 2.6.19.2, cp 18gb_file 18gb_file.2 = OOM killer, 100% reproducible
- Re: 2.6.19.2, cp 18gb_file 18gb_file.2 = OOM killer, 100% reproducible
- Re: 2.6.19.2, cp 18gb_file 18gb_file.2 = OOM killer, 100% reproducible
- Re: 2.6.19.2, cp 18gb_file 18gb_file.2 = OOM killer, 100% reproducible
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]