netdev

Re: Linux Kernel 2.4.10, arp -s doesn't work?

To: "Matthew G. Marsh" <mgm@xxxxxxxxxxxxx>
Subject: Re: Linux Kernel 2.4.10, arp -s doesn't work?
From: <nfudd@xxxxxxxxxxxx>
Date: Mon, 22 Oct 2001 01:01:19 -0700 (PDT)
Cc: <netdev@xxxxxxxxxxx>
In-reply-to: <Pine.LNX.4.31.0110192246320.295-100000@netmonster.pakint.net>
Sender: owner-netdev@xxxxxxxxxxx
On Fri, 19 Oct 2001, Matthew G. Marsh wrote:

> > Where can I find more information on one-to-one NAT?
>
> Actually 1-2-1 NAT is merely shorthand to distinguish which NAT I was
> talking about. NAT essentially comes in two flavours:
>
> 1-2-1 is where one ip address is uniquely mapped onto another ip address
>
> Many-2-1 is where multiple ip addresses are mapped onto one ip address
>       (covers both 1-2-Many and Many-2-1 mappings)
>
> 1-2-1 is traditionally thought of as a "routed NAT" where a router
> performs the unique change of addresses.
>
> Many-2-1 is what is thought of as "IP Masquerade"
>
> Both functions are available with the same NetFilter commands.
> Additionally 1-2-1 NAT is done by the FastNAT structures that are part of
> the RPDB within Linux kernels. However NetFilter conntrack is not
> compatible with FastNAT and thus if you use NetFilter conntrack then you
> cannot use FastNAT. For your case you would be better off using NetFilter
> NAT with conntrack in order to also apply control to the clients passthru.
>
> You can use FastNAT with NetFilter filters (as weirdos such as myself are
> wont to do... ;-} ), but for standard NetFilter usage such as you need, it
> is far easier (and you can ask people on this list for help) to use the
> NetFilter 1-2-1 setup. I do think that someone also posted a patch that
> allows you to do 1-2-1 NAT over a range correctly.

Pardon me, but my eyes glazed over.  Let me get this straight.  There
is FastNAT, and there is NetFilter.  You pick one or the other when
compiling the kernel (somehow).  You can load them as modules
(somehow).  Which things are incompatible and should not be used together?
What happens if you accidentally use them together?  And is there a
manual someplace, or maybe a test suite...

> > "The personal computer allows you to make more mistakes faster than
> > any other invention in human history, with the possible exceptions of
> > handguns and tequila."
> > (It's the mistakes made with handguns, computers *and* tequila that
> > are really spectacular!)
>
> ROFL! (having seen and/or participated in such mistakes...)

Yikes... what hardware got bullet-holed?  :-)

--
N Fudd -- nfudd@xxxxxxxxxxxx
Methuselah lived to be 969 years old. You boys and girls will see more
in the next fifty years than Methuselah saw in his whole lifetime.
  - Mark Twain
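
A small model of the two NAT flavours described in the quoted text, added here as an illustration; it is not from the thread and is not kernel, NetFilter or FastNAT code. The class names, the addresses and the starting port 61000 are constructed for the example. It shows why a 1-2-1 mapping needs no per-flow state while a Many-2-1 mapping has to track each connection.

```python
# Toy model (not kernel code) of the two NAT flavours from the quoted text.
# All addresses are constructed samples from documentation/private ranges.

class OneToOneNat:
    """1-2-1: a fixed inside<->outside address map; no per-flow state."""
    def __init__(self, mapping):
        self.out = dict(mapping)                         # inside -> outside
        self.back = {v: k for k, v in self.out.items()}  # outside -> inside
        if len(self.back) != len(self.out):
            raise ValueError("1-2-1 mapping must be unique in both directions")

    def outbound(self, src, sport):
        return self.out[src], sport    # only the address changes

    def inbound(self, dst, dport):
        # Works for unsolicited packets too: the map is static, so the
        # inside host is reachable unless a separate filter blocks it.
        return self.back[dst], dport


class ManyToOneNat:
    """Many-2-1 (masquerade): one public address, so ports must be tracked."""
    def __init__(self, public_ip, first_port=61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.flows = {}      # (inside ip, inside port) -> public port
        self.reverse = {}    # public port -> (inside ip, inside port)

    def outbound(self, src, sport):
        key = (src, sport)
        if key not in self.flows:      # first packet of a flow creates state
            self.flows[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return self.public_ip, self.flows[key]

    def inbound(self, dst, dport):
        # Without a tracked flow there is no way to pick an inside host,
        # so the packet is dropped (None).
        if dst != self.public_ip:
            return None
        return self.reverse.get(dport)
```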

